I'm attempting to figure out if it's possible to configure IPA's web UI in such
a way that it can be accessed from both a private and a public network.
I've installed IPA server (version 3.0.0) on a RHEL 6.7 host (ipa.dev.internal)
and configured an IPA domain (dev.internal). Our client machines reside on a
separate domain (dev.external) and network, which the IPA server is
additionally connected to.
From hosts on the internal network (10.1.0.0/16), I am able to access the IPA
web UI without issue, as expected.
From hosts on the external network (192.168.1.0/24), I was initially presented
with a blank screen when attempting to access the web UI.
I attempted to disable the httpd rewrite rules located in
/etc/httpd/conf.d/ipa-rewrite.conf and restarted the httpd server: this allowed
me to see the login page, but immediately presented me with a web app error
Lastly, I attempted to modify the ipa-rewrite.conf, replacing all instances of
the initial FQDN (ipa.dev.internal) with the public FQDN (ipa.dev.external):
this allowed me to see the login page and even to successfully submit login
credentials. However, upon entering valid login credentials I am immediately
redirected back to the login page in an infinite redirect loop.
Are there any glaring oversights I'm making? I imagine that the problem
ultimately lies with Kerberos (and possibly my external client's HTTP
referrer), but admittedly I lack expertise in that area.
Any help in getting this issue solved would be greatly appreciated.