On 29.04.2016 15:34, GOLDBERG, RUSSELL J GG-12 USAF ACC 453 EWS/EWP wrote:
I'm attempting to figure out if it's possible to configure IPA's web UI in such 
a way that it can be accessed from both a private and a public network 

I've installed IPA server (version 3.0.0) on a RHEL 6.7 host (ipa.dev.internal) 
and configured an IPA domain (dev.internal). Our client machines reside on a 
separate domain (dev.external) and network, which the IPA server is 
additionally connected to.

>From hosts on the internal network (, I am able to access the IPA 
web UI without issue, as expected.

>From hosts on the external network (, I was initially presented 
with a blank screen when attempting to access the web UI.

I attempted to disable the httpd rewrite rules located in 
/etc/httpd/conf.d/ipa-rewrite.conf and restarted the httpd server: this allowed 
me to see the login page, but immediately presented me with a web app error 

Lastly, I attempted to modify the ipa-rewrite.conf, replacing all instances of 
the initial FQDN (ipa.dev.internal) with the public FQDN (ipa.dev.external): 
this allowed me to see the login page and even to successfully submit login 
credentials. However, upon entered valid login credentials I am immediately 
redirected back to the login page in an infinite redirect loop.

Are there any glaring oversights I'm making? I imagine that the problem 
ultimately lies with Kerberos (and possibly my external client's HTTP 
referrer), but admittedly I lack expertise in that area.

Any help in getting this issue solved would be greatly appreciated.



I'm not sure if this is possible do safely. Please read following links, it may help, I'm not expert in this area.


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to