[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Freeze exception for sssd?



[Philipp Kern]
> I do see (3) "adhere to standards and prefer SRV records, requiring 
> manual configurations on sites that screwed up".

This is really false dichtonomy, as it is not a question of adhering
to standards, but which setup should have priority regarding these
standards.  For uio.no, Windows and Active Directory got priority for
the SRV records, and Linux machines can not use these to locate the
LDAP and Kerberos servers.  IF they try, they get the AD LDAP server
and the AD Kerberos server, and the AD LDAP server do not contain the
required LDAP objects needed by NSS.

This will be the case for many sites, as most sites have more Windows
clients than Linux clients.  Windows got the SRV records in DNS, and
Linux machines will not get them if they tried.  So a different
alternative is needed to be able to automatically configure both Linux
and Windows clients, I choose to use the setup currently in place here
at the university of Oslo, where Linux machines got DNS CNAMEs and AD
got SRV records.

> Could you enlighten me how this affects Debian Edu in general?  I do
> realize that uio.no might not work with this setup.

The sssd package for Debian Edu will probably work with both if the
main-server is Squeeze based, but will not work if the server is Lenny
based, as some of the SRV records were not present or incorrect
(unused, untested, bug discovered while working on the Squeeze
version) in Lenny.

Happy hacking,
-- 
Petter Reinholdtsen


Reply to: