Chandan Kumar wrote:

I have basic configuration question, my apologies if it has already been

I have ipa-server-3 server installed with default parameters with

We have Linux machines across different geo location and I would like to
integrate them into IPA server, however, I don't want external clients
to connect the server on standard port.

For example, during ipa-client registration it requires all IPA services
to be running on default port.

Such as : trying

kdc = <>
master_kdc = <>
admin_server = <>

Is there any way in ipa-client-install or sssd file to instruct IPA
client to connect to IPA server on no-standard ports such as


This way I don't have to allocate a separate IP or additional web server
to redirect the requests a simple NAT at firewall will do such as
external 8080 -> internal 443

Currently there is no way to do this. I'd have sworn we had a ticket to add this but a quick search didn't turn it up. If you'd like this supported feel free to open a ticket at

I don't think this would be tremendously difficult to do, the trick would be communicating the port to clients somehow while they are trying to enroll. A command-line option would probably be the shortest path.

This may be decent low-hanging fruit if you're interested in being a contributor to IPA.


Freeipa-users mailing list

Reply via email to