Be sure to have a mirror IPA server _NOT_on the same ovirt host AND you need to be using at least 2 DNS servers AND they both must be able to point kerberos lookups to all IPA servers. I have my main IPA server as a vm and a secondary on a physical system I run backups from. On Wed, Nov 6, 2013 at 12:49 PM, Jakub Bittner <j.bittner@nbu.cz> wrote:
Hi,
I found an issue with IPA (and DNS) and oVirt. If I have hosted IPA server in ovirt and have enabled login thru IPA to oVirt and I stop IPA VM, I can not do anything in oVirt. I can not even log in to oVirt, because login dialog is grayed out (I think it waits on reaching IPA server). Of course I use IPA as primary DNS server for oVirt. After some time oVirt lets me input local admin credentials and waits on something.
I have more ipa servers, so I think login authentication should fall back to another IPA server, but it does not. _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- -- James P. Kinney III Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain *http://heretothereideas.blogspot.com/ <http://heretothereideas.blogspot.com/>*