Password changes will use Kerberos port 464.  Is Nginx forwarding port 464 
to whatever domain controllers are managing the users who want to change their 

--David Alston

From: doug.kelly--- via FreeIPA-users 
Sent: Monday, September 11, 2017 10:16 AM
Subject: [Freeipa-users] Nginx in front of IPA?


We have an "interesting" setup here and ultimately it means that some of our 
users are on a network that can't access the domain that the IPA servers are on 
so can't reset their passwords. However, they do have access to a domain that 
we can proxy requests through to get to IPA.

Through googling a bit I saw people mention changing 'xmlrpc_uri' in 
/etc/ipa/default.conf along with some proxy settings for nginx but couldn't 
really see anything "official".

Has anyone successfully put nginx in front of a cluster of IPA servers? Is 
there any documentation to detail the steps involved?


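David's question above, turned into a check (an added example, not from the thread or the FreeIPA project): it reads an nginx configuration and reports whether a `stream` server forwards port 464 over TCP and over UDP, since kpasswd can use either transport. The sample configuration and its hostnames are constructed, and the parser assumes a single expanded file such as the output of `nginx -T`.

```python
import re

# Constructed sample nginx.conf (hostnames are placeholders): HTTPS is proxied
# in the http block, but the stream block forwards kpasswd over TCP only.
SAMPLE_CONF = """
http {
    server {
        listen 443 ssl;
        location / { proxy_pass https://ipa1.example.test; }
    }
}
stream {
    upstream ipa_kpasswd { server ipa1.example.test:464; server ipa2.example.test:464; }
    server {
        listen 464;
        proxy_pass ipa_kpasswd;
    }
}
"""

def block_body(conf, name):
    """Return the text inside the first `name { ... }` block that starts a line, or ''."""
    m = re.search(r'(?m)^\s*%s\s*\{' % re.escape(name), conf)
    if not m:
        return ""
    depth, start = 1, m.end()
    for i in range(start, len(conf)):
        if conf[i] == "{":
            depth += 1
        elif conf[i] == "}":
            depth -= 1
            if depth == 0:
                return conf[start:i]
    return ""

def kpasswd_forwarding(conf, port=464):
    """Report which transports of `port` a stream server both listens on and proxies."""
    found = {"tcp": False, "udp": False}
    conf = re.sub(r'#[^\n]*', '', conf)          # drop comments before matching braces
    stream = block_body(conf, "stream")
    for srv in re.finditer(r'\bserver\s*\{([^{}]*)\}', stream):
        body = srv.group(1)
        if "proxy_pass" not in body:
            continue                              # a listener that forwards nowhere
        for listen in re.findall(r'\blisten\s+([^;]+);', body):
            args = listen.split()
            if args[0].rsplit(":", 1)[-1] == str(port):   # handles addr:port and [::]:port
                found["udp" if "udp" in args[1:] else "tcp"] = True
    return found
```

A result of `{"tcp": True, "udp": False}` for the sample means a client that sends its password-change request over UDP would not reach the IPA servers through this proxy.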