[Authentication] When does 'realm discover' return two sections for the one realm, with one not configured?
Sumit Bose
sbose at redhat.com
Wed Oct 16 07:07:49 UTC 2019
On Tue, Oct 15, 2019 at 09:26:38AM -0700, Richard Sharpe wrote:
> Hi folks,
>
> Today I saw the following when running 'realm discover -v <some-realm>'
> * Resoving: _ldap._tcp.<some-realm>
> * Performing LDAP DSE LOOKUP on: 10.x.y.z
> * Performing LDAP DSE LOOKUP on: 10.x.a.z
> * Successfully discovered: <some-realm>
> SOME-REALM
> type: kerberos
> realm-name: SOME-REALM
> domain-name: some-realm
> configured: kerberos-member
> ...
> some-realm
> type: kerberos
> realm-name: SOME-REALM
> domain-name: some-realm
> configured: no
>
> Why would a domain/realm have this second section?
Hi,
typically I see this double output with 'realm list' on systems where
both SSSD and Samba/Winbind are configured. This is because realmd does
not store its state in a specific file but collects to state from the
existing Samba, SSSD and Kerberos configuration.
I haven't seen this with 'realm discover' so far. What is the
'client-software' for the two different realms? You have given one
section name in upper-case and the other in lower-case, I guess this
might be the reason why realmd thinks that there are two "different"
realms. I'll try to reproduce.
bye,
Sumit
>
> --
> Regards,
> Richard Sharpe
> (何以解憂?唯有杜康。--曹操)(传说杜康是酒的发明者)
> _______________________________________________
> Authentication mailing list
> Authentication at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/authentication
More information about the Authentication
mailing list