Ok.. something else must be causing trouble because it works if I use the IPv4 public
address, but
it doesn't work with the IPv6 one (even though I have communication with it).
Any ideas would be appreciated ;)
On Sun, 2022-08-14 at 15:12 +0100, Carlos Mogas da Silva via FreeIPA-users wrote:
Hi list!
I'm having a problem where a, in this case, IMAP server (dovecot), configured to do
auth via
GSSAPI,
doesn't authenticate clients coming from the NATed IP it has. Physically it only has
a private IP
attached (10.1.0.0/8) but it also has a NATed public IP from the internet. The NAT is
done on the
router/firewall before it get's to the server itself.
I've read about extra_addresses on the /etc/krb5.conf file but that doesn't look
like it does the
trick of making the authentication work.
If I somehow force the clients to authenticate to the private IP (via hosts file for
example), the
auth succeeds.
Is this fixable? Thanks!
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue