On 29.04.2016 15:34, GOLDBERG, RUSSELL J GG-12 USAF ACC 453 EWS/EWP wrote:
I'm not sure if this is possible to do safely. Please read the following links,
it may help, I'm not an expert in this area.
I'm attempting to figure out if it's possible to configure IPA's web UI in such
a way that it can be accessed from both a private and a public network
I've installed IPA server (version 3.0.0) on a RHEL 6.7 host (ipa.dev.internal)
and configured an IPA domain (dev.internal). Our client machines reside on a
separate domain (dev.external) and network, which the IPA server is
additionally connected to.
From hosts on the internal network (10.1.0.0/16), I am able to access the IPA
web UI without issue, as expected.
From hosts on the external network (192.168.1.0/24), I was initially presented
with a blank screen when attempting to access the web UI.
I attempted to disable the httpd rewrite rules located in
/etc/httpd/conf.d/ipa-rewrite.conf and restarted the httpd server: this allowed
me to see the login page, but immediately presented me with a web app error
Lastly, I attempted to modify the ipa-rewrite.conf, replacing all instances of
the initial FQDN (ipa.dev.internal) with the public FQDN (ipa.dev.external):
this allowed me to see the login page and even to successfully submit login
credentials. However, upon entering valid login credentials I am immediately
redirected back to the login page in an infinite redirect loop.
Are there any glaring oversights I'm making? I imagine that the problem
ultimately lies with Kerberos (and possibly my external client's HTTP
referrer), but admittedly I lack expertise in that area.
Any help in getting this issue solved would be greatly appreciated.