Enforce AD sites during Keberos ticket request?
Issue
There is an environment where there are two IdM servers running IPA 4.4 and several clients IPA4.4-RH7.X/IPA3.0-RH6.X and a trust to an Microsoft Active Directory forest. To validate an account sssd uses _kerberos._tcp.XXXX.YYY query to the AD environment so it comes back with a number of SRV records and it picks random one, not closest. The Microsoft Active Directory implements sites mechanism and the sssd should have similar functionality.
Environment
Red Hat Enterprise Linux 7
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
