I'm attempting to figure out if it's possible to configure IPA's web UI in such a way that it can be accessed from both a private and a public network infrastructure.
I've installed IPA server (version 3.0.0) on a RHEL 6.7 host (ipa.dev.internal) and configured an IPA domain (dev.internal). Our client machines reside on a separate domain (dev.external) and network, which the IPA server is additionally connected to. >From hosts on the internal network (10.1.0.0/16), I am able to access the IPA >web UI without issue, as expected. >From hosts on the external network (192.168.1.0/24), I was initially presented >with a blank screen when attempting to access the web UI. I attempted to disable the httpd rewrite rules located in /etc/httpd/conf.d/ipa-rewrite.conf and restarted the httpd server: this allowed me to see the login page, but immediately presented me with a web app error dialog. Lastly, I attempted to modify the ipa-rewrite.conf, replacing all instances of the initial FQDN (ipa.dev.internal) with the public FQDN (ipa.dev.external): this allowed me to see the login page and even to successfully submit login credentials. However, upon entered valid login credentials I am immediately redirected back to the login page in an infinite redirect loop. Are there any glaring oversights I'm making? I imagine that the problem ultimately lies with Kerberos (and possibly my external client's HTTP referrer), but admittedly I lack expertise in that area. Any help in getting this issue solved would be greatly appreciated. Thanks, Russell -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project