On Fri, 2020-05-08 at 10:27 +0000, Rob van Halteren via FreeIPA-users
wrote:
> Hello,
> I have a network consisting of a LAN, WLAN, DMZ and a PRODUCTION network, separated by a
> firewall that performs the routing and connections to the outside world.
> I want to introduce Identity management using a FreeIPA server for my network. Most
> client machines will be on the LAN network, but not all.
> Most servers reside on the PRODUCTION network.
> I am trying to figure out where to place the FreeIPA server in this network.
> I want to be able to authenticate all servers, client machines and also be able to
> authenticate client machines that are connected via a VPN connection that is hosted on the
> firewall.
> Sorry for having to ask this. I have been looking around on the net and this list but
> found little help on this topic.
> Any advice would be welcome.
I placed my IdM server in the LAN, and then poked holes in the firewall.
In your case placing it in PRODUCTION would be just as fine, as long as all other networks
can route to it.
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc