Hello,
I've found out that if you have clients outside the server domain and when having conflicting SRV records (AD-records) in the client domain. ipa client enrollment will fail or getting timeouts to IPA services.
Solution to this is to add dns_discovery_domain to sssd.conf.
ipa-client-install needs to be able to handle this scenario.
I proposed patch here: https://www.redhat.com/archives/freeipa-devel/2011-December/msg00332.html
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=773490
master: 96390ca
ipa-2-2: 034f6d7
Metadata Update from @lsjostro: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 3.0 Core Effort Remaining Work
Login to comment on this ticket.