Ok guys,
I have a FreeIPA server with 2 interfaces. The primary is for normal usage and is the one that FreeIPA is set up with with regards to hostname and services. The other one is on an administrative network. The Web UI works fine on the primary interface, but I can't really access it on the other interface. It's obvious that the services bind to the primary interface, but isn't it possible to access the UI on the other interface somehow?
TIA
/tony
On ma, 20 tammi 2020, Tony Brian Albers via FreeIPA-users wrote:
Ok guys,
I have a FreeIPA server with 2 interfaces. The primary is for normal usage and is the one that FreeIPA is set up with with regards to hostname and services. The other one is on an administrative network. The Web UI works fine on the primary interface, but I can't really access it on the other interface. It's obvious that the services bind to the primary interface, but isn't it possible to access the UI on the other interface somehow?
Short answer: not now. For details see https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
On Mon, 2020-01-20 at 13:55 +0200, Alexander Bokovoy wrote:
On ma, 20 tammi 2020, Tony Brian Albers via FreeIPA-users wrote:
Ok guys,
I have a FreeIPA server with 2 interfaces. The primary is for normal usage and is the one that FreeIPA is set up with with regards to hostname and services. The other one is on an administrative network. The Web UI works fine on the primary interface, but I can't really access it on the other interface. It's obvious that the services bind to the primary interface, but isn't it possible to access the UI on the other interface somehow?
Short answer: not now. For details see https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Thx Alex,
I guess we'll manage without.
/tony
I haven’t tried this for the IPA server, but we have servers with two interfaces, one for general use and one as a storage backend network.
We can’t just list both IPs in an A record, because then normal traffic will try to go through the backend, which it can’t get to.
What I ended up doing was maintaining a separate /etc/hosts for the machines with dual interfaces on the backend network. That file shows both IPs for each of the hosts as associated with the main hostname. Systems without an interface on that network don’t get that /etc/hosts, so they only see the primary address.
Then we use /etc/gai.conf to tell DNS to prefer the backend address. Of course that file is installed only on the dual-interface hosts.
We use anbiel to distribute the files, so keeping them up to date and in sync isn’t a problem, but we do have to add an entry to the special /etc/hosts everything we add a host with a second interface on that network.
I would guess that some variation of this might help with your situation.
On Jan 20, 2020, at 8:24 AM, Tony Brian Albers via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
On Mon, 2020-01-20 at 13:55 +0200, Alexander Bokovoy wrote:
On ma, 20 tammi 2020, Tony Brian Albers via FreeIPA-users wrote:
Ok guys,
I have a FreeIPA server with 2 interfaces. The primary is for normal usage and is the one that FreeIPA is set up with with regards to hostname and services. The other one is on an administrative network. The Web UI works fine on the primary interface, but I can't really access it on the other interface. It's obvious that the services bind to the primary interface, but isn't it possible to access the UI on the other interface somehow?
Short answer: not now. For details see https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Thx Alex,
I guess we'll manage without.
/tony _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
freeipa-users@lists.fedorahosted.org
-
Alexander Bokovoy -
Charles Hedrick -
Tony Brian Albers