I'm attempting to figure out if it's possible to configure IPA's web UI in such 
a way that it can be accessed from both a private and a public network 

I've installed IPA server (version 3.0.0) on a RHEL 6.7 host (ipa.dev.internal) 
and configured an IPA domain (dev.internal). Our client machines reside on a 
separate domain (dev.external) and network, which the IPA server is 
additionally connected to.

>From hosts on the internal network (, I am able to access the IPA 
>web UI without issue, as expected.

>From hosts on the external network (, I was initially presented 
>with a blank screen when attempting to access the web UI.

I attempted to disable the httpd rewrite rules located in 
/etc/httpd/conf.d/ipa-rewrite.conf and restarted the httpd server: this allowed 
me to see the login page, but immediately presented me with a web app error 

Lastly, I attempted to modify the ipa-rewrite.conf, replacing all instances of 
the initial FQDN (ipa.dev.internal) with the public FQDN (ipa.dev.external): 
this allowed me to see the login page and even to successfully submit login 
credentials. However, upon entered valid login credentials I am immediately 
redirected back to the login page in an infinite redirect loop.

Are there any glaring oversights I'm making? I imagine that the problem 
ultimately lies with Kerberos (and possibly my external client's HTTP 
referrer), but admittedly I lack expertise in that area.

Any help in getting this issue solved would be greatly appreciated.



Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to