Chandan Kumar wrote:
I have basic configuration question, my apologies if it has already been
I have ipa-server-3 server installed with default parameters with
We have Linux machines across different geo location and I would like to
integrate them into IPA server, however, I don't want external clients
to connect the server on standard port.
For example, during ipa-client registration it requires all IPA services
to be running on default port.
Such as : trying https://ipa01.my.net/ipa/xml
kdc = ipa01.my.net:88 <http://ipa01.my.net:88>
master_kdc = ipa01.my.net:88 <http://ipa01.my.net:88>
admin_server = ipa01.my.net:749 <http://ipa01.my.net:749>
Is there any way in ipa-client-install or sssd file to instruct IPA
client to connect to IPA server on no-standard ports such as
This way I don't have to allocate a separate IP or additional web server
to redirect the requests a simple NAT at firewall will do such as
external 8080 -> internal 443
Currently there is no way to do this. I'd have sworn we had a ticket to
add this but a quick search didn't turn it up. If you'd like this
supported feel free to open a ticket at
I don't think this would be tremendously difficult to do, the trick
would be communicating the port to clients somehow while they are trying
to enroll. A command-line option would probably be the shortest path.
This may be decent low-hanging fruit if you're interested in being a
contributor to IPA.
Freeipa-users mailing list