subject:"\[Freeipa\-users\] Re\: Two interfaces on FreeIPA server.. How\?"

[Freeipa-users] Re: Two interfaces on FreeIPA server.. How?

2020-01-21 Thread Charles Hedrick via FreeIPA-users

I haven’t tried this for the IPA server, but we have servers with two 
interfaces, one for general use and one as a storage backend network. 

We can’t just list both IPs in an A record, because then normal traffic will 
try to go through the backend, which it can’t get to.

What I ended up doing was maintaining a separate /etc/hosts for the machines 
with dual interfaces on the backend network. That file shows both IPs for each 
of the hosts as associated with the main hostname. Systems without an interface 
on that network don’t get that /etc/hosts, so they only see the primary address.

Then we use /etc/gai.conf to tell DNS to prefer the backend address. Of course 
that file is installed only on the dual-interface hosts.

We use anbiel to distribute the files, so keeping them up to date and in sync 
isn’t a problem, but we do have to add an entry to the special /etc/hosts 
everything we add a host with a second interface on that network.

I would guess that some variation of this might help with your situation. 

> On Jan 20, 2020, at 8:24 AM, Tony Brian Albers via FreeIPA-users 
>  wrote:
> 
> On Mon, 2020-01-20 at 13:55 +0200, Alexander Bokovoy wrote:
>> On ma, 20 tammi 2020, Tony Brian Albers via FreeIPA-users wrote:
>>> Ok guys,
>>> 
>>> I have a FreeIPA server with 2 interfaces. The primary is for
>>> normal
>>> usage and is the one that FreeIPA is set up with with regards to
>>> hostname and services. The other one is on an administrative
>>> network.
>>> The Web UI works fine on the primary interface, but I can't really
>>> access it on the other interface. It's obvious that the services
>>> bind
>>> to the primary interface, but isn't it possible to access the UI on
>>> the
>>> other interface somehow?
>> 
>> Short answer: not now.
>> For details see 
>> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/VN3RXS36GFK4JMZCCSHPJ3DKLSBEXDE4/
>> 
> 
> Thx Alex,
> 
> I guess we'll manage without.
> 
> /tony
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

[Freeipa-users] Re: Two interfaces on FreeIPA server.. How?

2020-01-20 Thread Tony Brian Albers via FreeIPA-users

On Mon, 2020-01-20 at 13:55 +0200, Alexander Bokovoy wrote:
> On ma, 20 tammi 2020, Tony Brian Albers via FreeIPA-users wrote:
> > Ok guys,
> > 
> > I have a FreeIPA server with 2 interfaces. The primary is for
> > normal
> > usage and is the one that FreeIPA is set up with with regards to
> > hostname and services. The other one is on an administrative
> > network.
> > The Web UI works fine on the primary interface, but I can't really
> > access it on the other interface. It's obvious that the services
> > bind
> > to the primary interface, but isn't it possible to access the UI on
> > the
> > other interface somehow?
> 
> Short answer: not now.
> For details see 
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/VN3RXS36GFK4JMZCCSHPJ3DKLSBEXDE4/
> 

Thx Alex,

I guess we'll manage without.

/tony
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

[Freeipa-users] Re: Two interfaces on FreeIPA server.. How?

2020-01-20 Thread Alexander Bokovoy via FreeIPA-users


On ma, 20 tammi 2020, Tony Brian Albers via FreeIPA-users wrote:

Ok guys,

I have a FreeIPA server with 2 interfaces. The primary is for normal
usage and is the one that FreeIPA is set up with with regards to
hostname and services. The other one is on an administrative network.
The Web UI works fine on the primary interface, but I can't really
access it on the other interface. It's obvious that the services bind
to the primary interface, but isn't it possible to access the UI on the
other interface somehow?


Short answer: not now.
For details see 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/VN3RXS36GFK4JMZCCSHPJ3DKLSBEXDE4/

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

[Freeipa-users] Re: Two interfaces on FreeIPA server.. How?

[Freeipa-users] Re: Two interfaces on FreeIPA server.. How?

[Freeipa-users] Re: Two interfaces on FreeIPA server.. How?

3 matches

Site Navigation

Mail list logo

Footer information