On 10.3.2014 19:55, Dmitri Pal wrote:
On 03/10/2014 11:16 AM, artj...@free.fr wrote:
Selon Petr Spacek<pspa...@redhat.com>:

On 7.3.2014 16:57, Dmitri Pal wrote:
On 03/07/2014 10:29 AM, artj...@free.fr wrote:
Selon Petr Spacek<pspa...@redhat.com>:

  On 7.3.2014 14:16,artj...@free.fr  wrote:
  > I want to install ipa server with a replica. The replica has 2 NICs: the ipa
  > server is connected on the first interface and all the clients are connected on
  > the second interface. The two networks are completely separated, 2 subnets and
  > not routed.
  I'm curious - what is the reasoning behind this?:-)
The goal is to separate the administration flux and the userland flux.

The problem is that it is not that clean.
One server can connect to another on different ports and using different
protocols for different purposes. And client can actually be a proxy that does
some admin tasks via LDAP or executes remote administrative commands.

I think maybe it is better to explore FW rules.
For example create a FW rule that would allow only Kerberos and LDAP
connections from a set of hosts that would be clients. Hm, but that again would
prevent you from enrolling new systems since the ipa-client-install connects
to IPA via admin interface during the enrollment stage.

Maybe there is some magic that can be done using DNS zones but I am not sure...

Let me summarize this thread to:
Sorry, this is not supported.
Thanks for your answer; it's clear for me now, I understand why my different
tests didn't work.

Just for my information because it's a little bit confusing when I read in the
FreeIPA_Guide (Fedora18) the following sentence:

19.5. Setting DNS Entries for Multi-Homed Servers
Some server machines may support multiple network interface cards (NICs).
Multi-homed machines typically have multiple IPs, all assigned to the same
hostname. This works fine in FreeIPA most of the time because it listens on all
available interfaces, except localhost. For a server to be available through any
NIC, edit the DNS zone file and add entries for each IP address. For example:
ipaserver  IN A  192.168.1.100
ipaserver  IN A  192.168.1.101
ipaserver  IN A  192.168.1.102

What is the architecture of the Multi-Homed Servers in this case?

What do you mean by "architecture" in this context?

The main difference between your setup and the example in docs is that you tried to use two different names for one server but the documentation shows an example where one name is associated with multiple IP addresses.

Multiple IP addresses for one name are supported as it is a very basic requirement for IPv4 & IPv6 dual-stack configuration support.

Problems arise when you have multiple names for the same server.

Petr^2 Spacek

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
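
The distinction drawn in the reply above (one name with several A records versus several names for the same server), as an added example that is not part of the original thread or of FreeIPA: it parses zone-file A records and reports which names point at a given server's interface addresses. The zone text is constructed from the guide's three records plus a hypothetical second name `ipaserver-clients`; `parse_a_records` and `check_multihomed` are names chosen here.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the first three records are the guide's example quoted
# above; "ipaserver-clients" is a hypothetical second name for the same host.
ZONE = """\
ipaserver          IN A  192.168.1.100
ipaserver          IN A  192.168.1.101
ipaserver          IN A  192.168.1.102
ipaserver-clients  IN A  192.168.1.102   ; hypothetical extra name
other              IN A  192.168.1.50
"""


def parse_a_records(zone_text):
    """Return {name: {ip, ...}} for 'name [ttl] [IN] A ip' lines.

    Simplification: every record line must carry its owner name explicitly.
    """
    records = defaultdict(set)
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) >= 3 and fields[-2].upper() == "A":
            ip = ipaddress.IPv4Address(fields[-1])  # raises ValueError if malformed
            records[fields[0].lower()].add(str(ip))
    return dict(records)


def check_multihomed(records, server_ips):
    """Report which names point at one server's interface addresses."""
    server_ips = set(server_ips)
    names = sorted(n for n, ips in records.items() if ips & server_ips)
    published = set().union(*(records[n] for n in names))
    return {
        "names": names,
        "single_name": len(names) == 1,
        "unpublished_ips": sorted(server_ips - published),
    }


if __name__ == "__main__":
    nics = ["192.168.1.100", "192.168.1.101", "192.168.1.102"]
    report = check_multihomed(parse_a_records(ZONE), nics)
    print(report)
    if not report["single_name"]:
        print("more than one name points at this server:", report["names"])
```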
