[Freeipa-users] Antwort: Re: Antwort: Re: Antwort: Re: Multiple Domains and SSH
Jan Cholasta
jcholast at redhat.com
Fri Nov 21 14:50:29 UTC 2014
Right, I forgot that this is the way IPA sent multi-value primary keys
before version 4.0, sorry.
If you require a working web UI, the only alternative is adding a host
entry for each hostname then.
On 21.11.2014 at 13:56, Christoph Kaminski wrote:
> No, I have added it in 2 fqdn attributes
>
> Best regards
> Christoph Kaminski
>
> From: Jan Cholasta <jcholast at redhat.com>
> To: Christoph Kaminski <christoph.kaminski at biotronik.com>
> Cc: "freeipa-users at redhat.com" <freeipa-users at redhat.com>
> Date: 21.11.2014 11:09
> Subject: Re: Antwort: Re: Antwort: Re: [Freeipa-users] Multiple Domains and SSH
> ------------------------------------------------------------------------
>
>
>
> It seems you added "ipaclient.mgmt.hss.int,ipaclient.hss.int" to fqdn,
> instead of adding "ipaclient.mgmt.hss.int" and "ipaclient.hss.int"
> separately.
>
> On 21.11.2014 at 11:05, Christoph Kaminski wrote:
> > With IPA 3.3.0 your second solution works, but if I do it then I get
> > errors in the GUI if I go to the host settings there
> >
> > Error:
> > ipaclient.mgmt.hss.int,ipaclient.hss.int: host not found
> >
> >
> >
> > Both names are configured as A records in DNS
> >
> > Best regards
> > Christoph Kaminski
> >
> > From: Jan Cholasta <jcholast at redhat.com>
> > To: Christoph Kaminski <christoph.kaminski at biotronik.com>
> > Cc: Jakub Hrozek <jhrozek at redhat.com>, Dmitri Pal <dpal at redhat.com>,
> > "freeipa-users at redhat.com" <freeipa-users at redhat.com>
> > Date: 20.11.2014 13:08
> > Subject: Re: Antwort: Re: [Freeipa-users] Multiple Domains and SSH
> > ------------------------------------------------------------------------
> >
> >
> >
> > Hi,
> >
> > On 19.11.2014 at 09:45, Christoph Kaminski wrote:
> > > This is an example of a host here and the ways I can reach it via ssh:
> > > (they are all in DNS, forward and reverse resolving)
> >
> > (note I redacted the hostnames and IP addresses in the output below)
> >
> > >
> > > host host.mgmt
> > > host.mgmt has address 192.168.1.1
> > > host 192.168.1.1
> > > 1.1.168.192.in-addr.arpa domain name pointer host.mgmt.
> > > host host.mydom.int
> > > host.mydom.int has address 192.168.2.1
> > > host 192.168.2.1
> > > 1.2.168.192.in-addr.arpa domain name pointer host.mydom.int.
> > > host host.mydom.net
> > > host.mydom.net has address 192.168.3.1
> > > host 192.168.3.1
> > > 1.3.168.192.in-addr.arpa domain name pointer host.mydom.net.
> >
> > So it's a host with multiple IP addresses? You have 2 options then:
> >
> > 1. Add a host entry with the SSH public key to IPA for each of the
> > hostnames then, as Dmitri suggested.
> >
> > 2. Manually add the additional hostnames to the fqdn attribute of the
> > host entry using ldapmodify.
> >
> > >
> > > Best regards
> > > Christoph Kaminski
> > >
> > > From: Jan Cholasta <jcholast at redhat.com>
> > > To: Jakub Hrozek <jhrozek at redhat.com>, dpal at redhat.com
> > > Cc: freeipa-users at redhat.com
> > > Date: 19.11.2014 07:53
> > > Subject: Re: [Freeipa-users] Multiple Domains and SSH
> > > Sent by: freeipa-users-bounces at redhat.com
> > > ------------------------------------------------------------------------
> > >
> > >
> > >
> > > Hi,
> > >
> > > On 18.11.2014 at 23:53, Jakub Hrozek wrote:
> > > >
> > > >> On 18 Nov 2014, at 23:12, Dmitri Pal <dpal at redhat.com> wrote:
> > > >>
> > > >> On 11/18/2014 01:07 AM, Christoph Kaminski wrote:
> > > >>> Hi
> > > >>>
> > > >>> I can reach each host here via ssh on multiple domains:
> > > >>>
> > > >>> host.mydom.int
> > > >>> host.mydom.net
> > > >>> host.mgmt
> > > >>>
> > > >>> sss_ssh_knownhostproxy works only on the domain which I used to
> > > >>> register to IPA (mgmt); on the other domains I always get "The
> > > >>> authenticity of host 'host.mydom.int (<no hostip for proxy command>)'
> > > >>> can't be established."... why?
> > >
> > > Because it does not know that the hostnames refer to the same host.
> > >
> > > Do you have a reverse DNS record set up for the host? Does it point to
> > > the same hostname that you used to register the host in IPA?
> > >
> > > >>>
> > > >>
> > > >>
> > > >> And other hosts in those domains are not registered?
> > > >> Maybe you should try to add a host entry and SSH digest to IPA even
> > > >> if they are not enrolled?
> > >
> > > This would work too.
> > >
> > > >>
> > > >
> > > > Maybe Honza would have some tips for debugging...
> > >
> > > See pages 13-16 of
> > > <http://www.freeipa.org/images/1/10/Freeipa30_SSSD_OpenSSH_integration.pdf>.
> > >
> > > Honza
> > >
> > > --
> > > Jan Cholasta
> > >
> > > --
> > > Manage your subscription for the Freeipa-users mailing list:
> > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > Go to http://freeipa.org for more info on the project
> > >
> > > www.biotronik.com
> > > ------------------------------------------------------------------------
> > > *BIOTRONIK - excellence for life*
> > > Established with the development of the first German pacemaker in 1963,
> > > BIOTRONIK has upheld the highest quality standards in the fields of
> > > cardiac rhythm management and vascular intervention in more than 100
> > > countries worldwide. We’ve developed advanced technologies and products
> > > such as BIOTRONIK Home Monitoring®, Closed Loop Stimulation (CLS) and
> > > Orsiro, the industry’s first hybrid drug eluting stent. BIOTRONIK also
> > > offers the broadest portfolio of cardiac devices with ProMRI®, an
> > > advanced technology that gives patients access to magnetic resonance
> > > (MR) scanning.
> > > ------------------------------------------------------------------------
> > > BIOTRONIK SE & Co. KG
> > > Woermannkehre 1, 12359 Berlin, Germany
> > > Registered office: Berlin, Register court: Berlin HRA 6501
> > >
> > > Represented by its general partner:
> > > BIOTRONIK MT SE
> > > Registered office: Berlin, Register court: Berlin HRB 118866 B
> > > Managing Directors: Christoph Böhmer, Dr. Lothar Krings
> > > ------------------------------------------------------------------------
> > > This e-mail and the information it contains including attachments are
> > > confidential and meant only for use by the intended recipient(s);
> > > disclosure or copying is strictly prohibited. If you are not addressed,
> > > but in the possession of this e-mail, please notify the sender
> > > immediately and delete the document.
> >
> > Honza
> >
> > --
> > Jan Cholasta
> >
>
>
> --
> Jan Cholasta
--
Jan Cholasta
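
Option 2 from the thread (extra hostnames as separate values of the fqdn attribute), as an added example that is not part of the original messages: a shell function that builds the LDIF for ldapmodify and refuses a comma-joined name. The suffix dc=example,dc=test is a placeholder and the DN layout fqdn=<name>,cn=computers,cn=accounts,<suffix> is assumed to be the default FreeIPA host container; as noted in the thread, on IPA before 4.0 the web UI host page still fails for such an entry.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: placeholder suffix
# dc=example,dc=test and the default FreeIPA host container
# cn=computers,cn=accounts under that suffix.

# fqdn_ldif SUFFIX PRIMARY_FQDN EXTRA_FQDN...
# Prints an LDIF "modify/add" record with one fqdn value per extra hostname.
fqdn_ldif() {
    suffix=$1
    primary=$2
    shift 2
    if [ "$#" -lt 1 ]; then
        echo "need at least one extra hostname" >&2
        return 2
    fi
    # Every argument must be exactly one hostname. A value such as
    # "a.example,b.example" would be stored as a single fqdn string.
    for name in "$@"; do
        case $name in
            ""|.*|*.|*[!A-Za-z0-9.-]*)
                echo "refusing '$name': not a single hostname" >&2
                return 1
                ;;
        esac
    done
    printf 'dn: fqdn=%s,cn=computers,cn=accounts,%s\n' "$primary" "$suffix"
    printf 'changetype: modify\nadd: fqdn\n'
    for name in "$@"; do
        printf 'fqdn: %s\n' "$name"
    done
}

# Hostnames taken from the thread; the output is the LDIF to review.
fqdn_ldif "dc=example,dc=test" ipaclient.mgmt.hss.int ipaclient.hss.int

# To apply it with a Kerberos ticket of an admin user (not run here):
#   fqdn_ldif "dc=example,dc=test" ipaclient.mgmt.hss.int ipaclient.hss.int \
#       | ldapmodify -Y GSSAPI
```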