From Fedora Project Wiki


Instaling clients with fallback servers.

An IPA client configures SSSD to use DNS to find a server to communicate with, and if that server is unreachable, it falls back to the specific server it was installed with. It is possible to use several such fallback servers.


  1. Install an IPA server as described in QA:Testcase_freeipav3_installation.
  2. Then, install some replicas as shown in QA:Testcase_freeipav3_replication.

How to test

Install the client

First, install the client RPMs:

# yum install freeipa-client freeipa-admintools

Then, install the client. Use a --server option for each of your masters:

# ipa-client-install --domain --server --server --server -p admin -w secret123

Verifying installation

When the install is done, verify that IPA is working, for example by getting information about the admin and getting a ticket:

# id admin
# getent passwd admin
# ipa user-show admin
# kinit admin

Check /etc/sssd/sssd.conf. The ipa_server option should have a "_srv_" entry, and the name of the server(s), in order.

On the master, shut down the IPA server:

# ipactl stop

Then, on the client, get the information again. This should give the same information as the test above, because the client contacts a replica.

# id admin
# getent passwd admin
# ipa user-show admin
# kinit admin

Remove the client

When you are done with the client, uninstall it:

# ipa-client-install --uninstall

Expected Results

All the test steps should end successfully with the specified results.