<div dir="ltr"><div>Be sure to have a mirror IPA server _NOT_on the same ovirt host AND you need to be using at least 2 DNS servers AND they both must be able to point kerberos lookups to all IPA servers. I have my main IPA server as a vm and a secondary on a physical system I run backups from.<br>
<br></div><br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Nov 6, 2013 at 12:49 PM, Jakub Bittner <span dir="ltr"><<a href="mailto:j.bittner@nbu.cz" target="_blank">j.bittner@nbu.cz</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
I found an issue with IPA (and DNS) and oVirt. If I have hosted IPA server in ovirt and have enabled login thru IPA to oVirt and I stop IPA VM, I can not do anything in oVirt. I can not even log in to oVirt, because login dialog is grayed out (I think it waits on reaching IPA server). Of course I use IPA as primary DNS server for oVirt. After some time oVirt lets me input local admin credentials and waits on something.<br>
<br>
I have more ipa servers, so I think login authentication should fall back to another IPA server, but it does not.<br>
______________________________<u></u>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/<u></u>mailman/listinfo/users</a><br>
</blockquote></div><br><br clear="all"><br>-- <br><div dir="ltr">-- <br>James P. Kinney III<br><i><i><i><i><br></i></i></i></i>Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.<br>
- Speech 11/23/1900 Mark Twain<br><i><i><i><i><br><a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br></i></i></i></i></div>
</div>