Right, I forgot that this is the way IPA sent multi-value primary keys
before version 4.0, sorry.
If you require working web UI, the only alternative is adding a host
entry for each hostname then.
Dne 21.11.2014 v 13:56 Christoph Kaminski napsal(a):
no have added it in 2 fqdn attributes
MfG
Christoph Kaminski
Von: Jan Cholasta <jchol...@redhat.com>
An: Christoph Kaminski <christoph.kamin...@biotronik.com>
Kopie: "freeipa-users@redhat.com" <freeipa-users@redhat.com>
Datum: 21.11.2014 11:09
Betreff: Re: Antwort: Re: Antwort: Re: [Freeipa-users] Multiple Domains
and SSH
------------------------------------------------------------------------
It seems you added "ipaclient.mgmt.hss.int,ipaclient.hss.int" to fqdn,
instead of adding "ipaclient.mgmt.hss.int" and "ipaclient.hss.int"
separately.
Dne 21.11.2014 v 11:05 Christoph Kaminski napsal(a):
> with ipa 3.3.0 work your second solution but if I do it then I get
> errors in the gui if I go to the hosts settings there
>
> Error:
> ipaclient.mgmt.hss.int,ipaclient.hss.int: host not found
>
>
>
> both names are in configured as A Record in dns
>
> MfG
> Christoph Kaminski
>
>
>
> Von: Jan Cholasta <jchol...@redhat.com>
> An: Christoph Kaminski <christoph.kamin...@biotronik.com>
> Kopie: Jakub Hrozek <jhro...@redhat.com>, Dmitri Pal <d...@redhat.com>,
> "freeipa-users@redhat.com" <freeipa-users@redhat.com>
> Datum: 20.11.2014 13:08
> Betreff: Re: Antwort: Re: [Freeipa-users] Multiple Domains and SSH
> ------------------------------------------------------------------------
>
>
>
> Hi,
>
> Dne 19.11.2014 v 09:45 Christoph Kaminski napsal(a):
> > this is an example of a host here and the ways how can I reach it via
> ssh:
> > (they are all in dns forward and reverse resolving)
>
> (note I redacted the hostnames and IP addresses in the output below)
>
> >
> > host host.mgmt
> > host.mgmt has address 192.168.1.1
> > host 192.168.1.1
> > 1.1.168.192.in-addr.arpa domain name pointer host.mgmt.
> > host host.mydom.int
> > host.mydom.int has address 192.168.2.1
> > host 192.168.2.1
> > 1.2.168.192.in-addr.arpa domain name pointer host.mydom.int.
> > host host.mydom.net
> > host.mydom.net has address 192.168.3.1
> > host 192.168.3.1
> > 1.3.168.192.in-addr.arpa domain name pointer host.mydom.net.
>
> So it's a host with multiple IP addresses? You have 2 options then:
>
> 1. Add a host entry with the SSH public key to IPA for each of the
> hostnames then, as Dmitri suggested.
>
> 2. Manually add the additional hostnames to the fqdn attribute of the
> host entry using ldapmodify.
>
> >
> > MfG
> > Christoph Kaminski
> >
> >
> >
> >
> > Von: Jan Cholasta <jchol...@redhat.com>
> > An: Jakub Hrozek <jhro...@redhat.com>, d...@redhat.com
> > Kopie: freeipa-users@redhat.com
> > Datum: 19.11.2014 07:53
> > Betreff: Re: [Freeipa-users] Multiple Domains and SSH
> > Gesendet von: freeipa-users-boun...@redhat.com
> >
------------------------------------------------------------------------
> >
> >
> >
> > Hi,
> >
> > Dne 18.11.2014 v 23:53 Jakub Hrozek napsal(a):
> > >
> > >> On 18 Nov 2014, at 23:12, Dmitri Pal <d...@redhat.com> wrote:
> > >>
> > >> On 11/18/2014 01:07 AM, Christoph Kaminski wrote:
> > >>> Hi
> > >>>
> > >>> I can reach each host here via ssh on multiple domains:
> > >>>
> > >>> host.mydom.int
> > >>> host mydom.net
> > >>> host.mgmt
> > >>>
> > >>> sss_ssh_knownhostproxy does work only on the domain which I have
> > use to register to ipa (mgmt), on the other domains I get ever "The
> > authenticity of host 'host.mydom.int (<no hostip for proxy command>)'
> > can't be established."... why?
> >
> > Because it does not know that the hostnames refer to the same host.
> >
> > Do you have a reverse DNS record set up for the host? Does it point to
> > the same hostname that you used to register the host in IPA?
> >
> > >>>
> > >>
> > >>
> > >> And other hosts in those domains are not registered?
> > >> May be you should try to add a host entry and SSH digest to
IPA even
> > if they are not enrolled?
> >
> > This would work too.
> >
> > >>
> > >
> > > Maybe Honza would have some tips for debugging...
> >
> > See pages 13-16 of
> >
>
<http://www.freeipa.org/images/1/10/Freeipa30_SSSD_OpenSSH_integration.pdf>.
> >
> > Honza
> >
> > --
> > Jan Cholasta
> >
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go To http://freeipa.org <http://freeipa.org/>
> <http://freeipa.org/><http://freeipa.org/>for more info on the project
> >
> >
> >
> > www.biotronik.com<http://www.biotronik.com
<http://www.biotronik.com/><http://www.biotronik.com/>>
> >
------------------------------------------------------------------------
> > *BIOTRONIK - excellence for life*
> > Established with the development of the first German pacemaker in
1963,
> > BIOTRONIK has upheld the highest quality standards in the fields of
> > cardiac rhythm management and vascular intervention in more than 100
> > countries worldwide. We’ve developed advanced technologies and
products
> > such as BIOTRONIK Home Monitoring®, Closed Loop Stimulation (CLS) and
> > Orsiro, the industry’s first hybrid drug eluting stent. BIOTRONIK also
> > offers the broadest portfolio of cardiac devices with ProMRI®, an
> > advanced technology that gives patients access to magnetic resonance
> > (MR) scanning.
> >
------------------------------------------------------------------------
> > BIOTRONIK SE & Co. KG
> > Woermannkehre 1, 12359 Berlin, Germany
> > Sitz der Gesellschaft: Berlin, Registergericht: Berlin HRA 6501
> >
> > Vertreten durch ihre Komplementärin:
> > BIOTRONIK MT SE
> > Sitz der Gesellschaft: Berlin, Registergericht: Berlin HRB 118866 B
> > Geschäftsführende Direktoren: Christoph Böhmer, Dr. Lothar Krings
> >
------------------------------------------------------------------------
> > This e-mail and the information it contains including attachments are
> > confidential and meant only for use by the intended recipient(s);
> > disclosure or copying is strictly prohibited. If you are not
addressed,
> > but in the possession of this e-mail, please notify the sender
> > immediately and delete the document.
>
> Honza
>
> --
> Jan Cholasta
>
>
>
> www.biotronik.com<http://www.biotronik.com <http://www.biotronik.com/>>
> ------------------------------------------------------------------------
> *BIOTRONIK - excellence for life*
> Established with the development of the first German pacemaker in 1963,
> BIOTRONIK has upheld the highest quality standards in the fields of
> cardiac rhythm management and vascular intervention in more than 100
> countries worldwide. We’ve developed advanced technologies and products
> such as BIOTRONIK Home Monitoring®, Closed Loop Stimulation (CLS) and
> Orsiro, the industry’s first hybrid drug eluting stent. BIOTRONIK also
> offers the broadest portfolio of cardiac devices with ProMRI®, an
> advanced technology that gives patients access to magnetic resonance
> (MR) scanning.
> ------------------------------------------------------------------------
> BIOTRONIK SE & Co. KG
> Woermannkehre 1, 12359 Berlin, Germany
> Sitz der Gesellschaft: Berlin, Registergericht: Berlin HRA 6501
>
> Vertreten durch ihre Komplementärin:
> BIOTRONIK MT SE
> Sitz der Gesellschaft: Berlin, Registergericht: Berlin HRB 118866 B
> Geschäftsführende Direktoren: Christoph Böhmer, Dr. Lothar Krings
> ------------------------------------------------------------------------
> This e-mail and the information it contains including attachments are
> confidential and meant only for use by the intended recipient(s);
> disclosure or copying is strictly prohibited. If you are not addressed,
> but in the possession of this e-mail, please notify the sender
> immediately and delete the document.
--
Jan Cholasta
www.biotronik.com <http://www.biotronik.com>
------------------------------------------------------------------------
*BIOTRONIK - excellence for life*
Established with the development of the first German pacemaker in 1963,
BIOTRONIK has upheld the highest quality standards in the fields of
cardiac rhythm management and vascular intervention in more than 100
countries worldwide. We’ve developed advanced technologies and products
such as BIOTRONIK Home Monitoring®, Closed Loop Stimulation (CLS) and
Orsiro, the industry’s first hybrid drug eluting stent. BIOTRONIK also
offers the broadest portfolio of cardiac devices with ProMRI®, an
advanced technology that gives patients access to magnetic resonance
(MR) scanning.
------------------------------------------------------------------------
BIOTRONIK SE & Co. KG
Woermannkehre 1, 12359 Berlin, Germany
Sitz der Gesellschaft: Berlin, Registergericht: Berlin HRA 6501
Vertreten durch ihre Komplementärin:
BIOTRONIK MT SE
Sitz der Gesellschaft: Berlin, Registergericht: Berlin HRB 118866 B
Geschäftsführende Direktoren: Christoph Böhmer, Dr. Lothar Krings
------------------------------------------------------------------------
This e-mail and the information it contains including attachments are
confidential and meant only for use by the intended recipient(s);
disclosure or copying is strictly prohibited. If you are not addressed,
but in the possession of this e-mail, please notify the sender
immediately and delete the document.
--
Jan Cholasta
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
