[Users] Restirct list of AD servers
Keith Mitchell
kamitch at cisco.com
Mon Feb 18 13:21:51 UTC 2013
I have a situation where the Active Directory domain I am trying to use
as authentication for ovirt lists many servers all around the world.
But... my server running ovirt is sitting behind a firewall that doesn't
allow me to access all of them... only the local ones. We do have a
"locater dns record" which we can query at a well known name and it will
always return the local ip address of the AD server... but if you query
the SRV records for the domain it will return all of the servers.
I was able to add the domain using engine-manage-domains, and I tweaked
the /etc/ovirt-engine/krb5.conf to only include the local AD servers
where we can access, but that doesn't seem to be sufficient.
Not sure if ovirt is querying the dns records on boot to get the list of
servers to talk to or not, but it doesn't seem to be using
/etc/ovirt-engine/krb.conf for this purpose.
So... is there anyway to manually force it to use a certain server and
not have it query dns?
thanks.
More information about the Users
mailing list