Be sure to have a mirror IPA server _NOT_on the same ovirt host AND you need to be using at least 2 DNS servers AND they both must be able to point kerberos lookups to all IPA servers. I have my main IPA server as a vm and a secondary on a physical system I run backups from.

On Wed, Nov 6, 2013 at 12:49 PM, Jakub Bittner <j.bittner@nbu.cz> wrote:

Hi,

I found an issue with IPA (and DNS) and oVirt. If I have hosted IPA server in ovirt and have enabled login thru IPA to oVirt and I stop IPA VM, I can not do anything in oVirt. I can not even log in to oVirt, because login dialog is grayed out (I think it waits on reaching IPA server). Of course I use IPA as primary DNS server for oVirt. After some time oVirt lets me input local admin credentials and waits on something.

I have more ipa servers, so I think login authentication should fall back to another IPA server, but it does not.
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

--
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain

http://heretothereideas.blogspot.com/