Chandan Kumar wrote:
Hello,

I have a basic configuration question; my apologies if it has already been
discussed.

I have ipa-server-3 server installed with default parameters with
replication.

We have Linux machines across different geo locations and I would like to
integrate them into the IPA server; however, I don't want external clients
to connect to the server on the standard port.

For example, during ipa-client registration it requires all IPA services
to be running on the default port.

Such as: trying https://ipa01.my.net/ipa/xml

kdc = ipa01.my.net:88
master_kdc = ipa01.my.net:88
admin_server = ipa01.my.net:749

Is there any way in ipa-client-install or the sssd file to instruct the IPA
client to connect to the IPA server on non-standard ports, such as

trying https://ipa01.my.net:8080/ipa/xml

This way I don't have to allocate a separate IP or an additional web server
to redirect the requests; a simple NAT at the firewall will do, such as
external 8080 -> internal 443

Currently there is no way to do this. I'd have sworn we had a ticket to add this but a quick search didn't turn it up. If you'd like this supported feel free to open a ticket at https://fedorahosted.org/freeipa/newticket

I don't think this would be tremendously difficult to do; the trick would be communicating the port to clients somehow while they are trying to enroll. A command-line option would probably be the shortest path.

This may be decent low-hanging fruit if you're interested in being a contributor to IPA.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
