[Users] Restirct list of AD servers

Yair Zaslavsky yzaslavs at redhat.com
Mon Feb 18 09:09:34 EST 2013


----- Original Message -----
> From: "Keith Mitchell" <kamitch at cisco.com>
> To: "Yair Zaslavsky" <yzaslavs at redhat.com>
> Cc: users at ovirt.org
> Sent: Monday, February 18, 2013 4:01:25 PM
> Subject: Re: [Users] Restirct list of AD servers
> 
> 
> That seems to get ignored if the provider type is ActiveDirectory.

Please provide information your oVirt setup (i.e - what RPMS did you install)


> 
> On 2/18/13 8:37 AM, Yair Zaslavsky wrote:
> > Will -ldapServers option help you ?
> > It allows you to set an LDAP servers per domain, and modified the
> > krb5.conf file accordingly, under the assumption that the ldap
> > server also serves as KDC.
> >
> > Yair
> >
> >
> > ----- Original Message -----
> >> From: "Keith Mitchell" <kamitch at cisco.com>
> >> To: users at ovirt.org
> >> Sent: Monday, February 18, 2013 3:21:51 PM
> >> Subject: [Users] Restirct list of AD servers
> >>
> >> I have a situation where the Active Directory domain I am trying
> >> to
> >> use
> >> as authentication for ovirt lists many servers all around the
> >> world.
> >>
> >> But... my server running ovirt is sitting behind a firewall that
> >> doesn't
> >> allow me to access all of them... only the local ones.  We do have
> >> a
> >> "locater dns record" which we can query at a well known name and
> >> it
> >> will
> >> always return the local ip address of the AD server...  but if you
> >> query
> >> the SRV records for the domain it will return all of the servers.
> >>
> >> I was able to add the domain using engine-manage-domains, and I
> >> tweaked
> >> the /etc/ovirt-engine/krb5.conf to only include the local AD
> >> servers
> >> where we can access, but that doesn't seem to be sufficient.
> >>
> >> Not sure if ovirt is querying the dns records on boot to get the
> >> list
> >> of
> >> servers to talk to or not, but it doesn't seem to be using
> >> /etc/ovirt-engine/krb.conf for this purpose.
> >>
> >> So... is there anyway to manually force it to use a certain server
> >> and
> >> not have it query dns?
> >>
> >> thanks.
> >> _______________________________________________
> >> Users mailing list
> >> Users at ovirt.org
> >> http://lists.ovirt.org/mailman/listinfo/users
> >>
> 
> 


More information about the Users mailing list