Resolving machine names
CDSSO can be unintentionally disabled upon WebSEAL startup because the machine itself is not adequately configured to resolve machine names.
The machine on which WebSEAL is located needs to be able to fully resolve an IP address. We can use the LMI to configure the DNS.
The following general information is provided only as an example:
Goal: Configure the machine to first look to DNS before checking the local /etc/hosts file for DNS information.
Steps
- Make sure that /etc/resolv.conf has valid DNS server entries.
- Edit /etc/nsswitch.conf so the hosts line indicates the correct order for checking DNS information:
hosts dns files
Alternative goal: Configure the machine to first use local DNS information (/etc/hosts) before checking DNS.
- Configure the machine to check /etc/hosts before looking to DNS. Edit /etc/nsswitch.conf so the hosts line indicates the correct order for checking DNS information:
hosts files dns
- Enter appropriate DNS information in /etc/hosts:
webseal1.fully.qualified.com 1.11.111.111
webseal2.fully.qualified.com 2.22.222.222
Parent topic: CDSSO conditions and requirements