
Re: HA openldap-kerberos problem



Quanah-
  From the discussions you and I have had, I think it may be useful to
reference that you accomplish your load balancing through CNAME load
balancing, correct?  Do you use Stanford's lbnamed?

-Matt

On Tue, 2005-03-15 at 11:15 -0800, Quanah Gibson-Mount wrote:
> 
> --On Tuesday, March 15, 2005 11:23 AM -0500 dijuremo@math.gatech.edu wrote:
> 
> > Hi,
> >
> > I have a master ldap server:  gandalf.ibb.gatech.edu
> > I have an alias ldap.ibb.gatech.edu that points to gandalf.ibb.gatech.edu
> >
> > I have two servers configured with drbd and heartbeat that use a virtual
> > ip address to host services:
> > ibbstaff.ibb.gatech.edu  (10.0.0.15 virtual IP)
> > alias for nfs.ibb.gatech.edu that points to ibbstaff.ibb.gatech.edu
> > alias for samba.ibb.gatech.edu that points to ibbstaff.ibb.gatech.edu
> > alias for ldap2.ibb.gatech.edu that points to ibbstaff.ibb.gatech.edu
> > arwen.ibb.gatech.edu     (10.0.0.16) (Primary server)
> > aragorn.ibb.gatech.edu  (10.0.0.17) (Secondary server)
> >
> > I have created keytab files on both arwen and aragorn under:
> > /etc/openldap/keytabs/ldap.keytab that includes the principals:
> > For arwen:
> > ldap/arwen.ibb.gatech.edu
> > ldap/ibbstaff.ibb.gatech.edu
> > For aragorn:
> > ldap/arwen.ibb.gatech.edu
> > ldap/ibbstaff.ibb.gatech.edu
> 
> 
> Aragorn should have:
> 
> ldap/aragorn.ibb.gatech.edu
> 
> You do not need the ldap/ibbstaff* keytabs.
> 
> I use a pool of 9 replicas and one master.  6 of the replicas are in an 
> "ldap.stanford.edu" pool.
> 
> tribes:~> klist
> Ticket cache: FILE:/tmp/krb5cc_54046_X18704
> Default principal: quanah@stanford.edu
> 
> Valid starting     Expires            Service principal
> 03/15/05 11:12:58  03/16/05 12:12:58  krbtgt/stanford.edu@stanford.edu
> 
> tribes:~> lsearch uid=quanah uid
> dn: uid=quanah,cn=Accounts,dc=Stanford,dc=edu
> uid: quanah
> 
> dn: suRegID=85e49978f61311d2ae662436000baa77,cn=People,dc=Stanford,dc=edu
> uid: quanah
> 
> tribes:~> klist
> Ticket cache: FILE:/tmp/krb5cc_54046_X18704
> Default principal: quanah@stanford.edu
> 
> Valid starting     Expires            Service principal
> 03/15/05 11:12:58  03/16/05 12:12:58  krbtgt/stanford.edu@stanford.edu
> 03/15/05 11:13:15  03/16/05 12:12:58  ldap/ldap6.stanford.edu@stanford.edu
> 
> 
> ldap6:/afs/ir/users/q/u/quanah#       klist -k /etc/krb5.keytab
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Principal
> ---- --------------------------------------------------------------------------
>    4 host/ldap6.stanford.edu@stanford.edu
>    5 ldap/ldap6.stanford.edu@stanford.edu
> 
> --Quanah
> 
> --
> Quanah Gibson-Mount
> Principal Software Developer
> ITSS/Shared Services
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
Matthew J. Smith
University of Connecticut ITS
This message sent at Wed Mar 16 08:59:05 2005
PGP Key: http://web.uconn.edu/dotmatt/matt.asc
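
Added example, not part of the original messages: a Python check of the advice quoted above that each server's keytab should hold ldap/ followed by that server's own hostname, run over `klist -k` output. The ldap6 sample is the listing from the thread; the aragorn sample is constructed from the thread's description with made-up KVNOs and a placeholder realm, and the function names are this example's own.

```python
import re

# Listing copied from the thread (ldap6), header separator joined onto one line.
SAMPLE_LDAP6 = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   4 host/ldap6.stanford.edu@stanford.edu
   5 ldap/ldap6.stanford.edu@stanford.edu
"""

# Constructed sample: aragorn's keytab as the original poster described it.
# KVNO values and EXAMPLE.REALM are placeholders, not values from the thread.
SAMPLE_ARAGORN = """\
Keytab name: FILE:/etc/openldap/keytabs/ldap.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 ldap/arwen.ibb.gatech.edu@EXAMPLE.REALM
   3 ldap/ibbstaff.ibb.gatech.edu@EXAMPLE.REALM
"""

# One keytab entry: "<kvno> <service>/<host>[@<realm>]"; header lines do not match.
ENTRY = re.compile(r"^\s*(\d+)\s+([^/\s@]+)/([^@\s]+)(?:@(\S+))?\s*$")

def parse_klist_k(text):
    """Return [(kvno, service, host, realm)] for each entry in `klist -k` output."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((int(m.group(1)), m.group(2), m.group(3).lower(), m.group(4)))
    return entries

def audit_keytab(text, host_fqdn, service="ldap"):
    """Report whether service/<host_fqdn> is present, and which other hosts have keys here."""
    host_fqdn = host_fqdn.lower().rstrip(".")
    hosts = {h for _, svc, h, _ in parse_klist_k(text) if svc == service}
    return {
        "has_own_principal": host_fqdn in hosts,
        "other_hosts": sorted(hosts - {host_fqdn}),  # keys to review or remove
    }

if __name__ == "__main__":
    print("ldap6  :", audit_keytab(SAMPLE_LDAP6, "ldap6.stanford.edu"))
    print("aragorn:", audit_keytab(SAMPLE_ARAGORN, "aragorn.ibb.gatech.edu"))
```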

