[Freeipa-users] Reply: Re: Reply: Re: Multiple Domains and SSH
Jan Cholasta
jcholast at redhat.com
Fri Nov 21 10:09:06 UTC 2014
It seems you added "ipaclient.mgmt.hss.int,ipaclient.hss.int" to fqdn,
instead of adding "ipaclient.mgmt.hss.int" and "ipaclient.hss.int"
separately.
On 21.11.2014 at 11:05, Christoph Kaminski wrote:
> With IPA 3.3.0 your second solution works, but if I do it then I get
> errors in the GUI if I go to the hosts settings there
>
> Error:
> ipaclient.mgmt.hss.int,ipaclient.hss.int: host not found
>
>
>
> Both names are configured as A records in DNS.
>
> Best regards
> Christoph Kaminski
>
>
>
> From: Jan Cholasta <jcholast at redhat.com>
> To: Christoph Kaminski <christoph.kaminski at biotronik.com>
> Cc: Jakub Hrozek <jhrozek at redhat.com>, Dmitri Pal <dpal at redhat.com>,
> "freeipa-users at redhat.com" <freeipa-users at redhat.com>
> Date: 20.11.2014 13:08
> Subject: Re: Reply: Re: [Freeipa-users] Multiple Domains and SSH
> ------------------------------------------------------------------------
>
>
>
> Hi,
>
> On 19.11.2014 at 09:45, Christoph Kaminski wrote:
> > This is an example of a host here and the ways I can reach it via SSH:
> > (they all resolve forward and reverse in DNS)
>
> (note I redacted the hostnames and IP addresses in the output below)
>
> >
> > host host.mgmt
> > host.mgmt has address 192.168.1.1
> > host 192.168.1.1
> > 1.1.168.192.in-addr.arpa domain name pointer host.mgmt.
> > host host.mydom.int
> > host.mydom.int has address 192.168.2.1
> > host 192.168.2.1
> > 1.2.168.192.in-addr.arpa domain name pointer host.mydom.int.
> > host host.mydom.net
> > host.mydom.net has address 192.168.3.1
> > host 192.168.3.1
> > 1.3.168.192.in-addr.arpa domain name pointer host.mydom.net.
>
> So it's a host with multiple IP addresses? You have 2 options then:
>
> 1. Add a host entry with the SSH public key to IPA for each of the
> hostnames then, as Dmitri suggested.
>
> 2. Manually add the additional hostnames to the fqdn attribute of the
> host entry using ldapmodify.
>
> >
> > Best regards
> > Christoph Kaminski
> >
> >
> >
> >
> > From: Jan Cholasta <jcholast at redhat.com>
> > To: Jakub Hrozek <jhrozek at redhat.com>, dpal at redhat.com
> > Cc: freeipa-users at redhat.com
> > Date: 19.11.2014 07:53
> > Subject: Re: [Freeipa-users] Multiple Domains and SSH
> > Sent by: freeipa-users-bounces at redhat.com
> > ------------------------------------------------------------------------
> >
> >
> >
> > Hi,
> >
> > On 18.11.2014 at 23:53, Jakub Hrozek wrote:
> > >
> > >> On 18 Nov 2014, at 23:12, Dmitri Pal <dpal at redhat.com> wrote:
> > >>
> > >> On 11/18/2014 01:07 AM, Christoph Kaminski wrote:
> > >>> Hi
> > >>>
> > >>> I can reach each host here via ssh on multiple domains:
> > >>>
> > >>> host.mydom.int
> > >>> host mydom.net
> > >>> host.mgmt
> > >>>
> > >>> sss_ssh_knownhostsproxy works only on the domain which I used to
> > >>> register to IPA (mgmt); on the other domains I always get "The
> > >>> authenticity of host 'host.mydom.int (<no hostip for proxy command>)'
> > >>> can't be established."... why?
> >
> > Because it does not know that the hostnames refer to the same host.
> >
> > Do you have a reverse DNS record set up for the host? Does it point to
> > the same hostname that you used to register the host in IPA?
> >
> > >>>
> > >>
> > >>
> > >> And other hosts in those domains are not registered?
> > >> Maybe you should try to add a host entry and SSH digest to IPA even
> > >> if they are not enrolled?
> >
> > This would work too.
> >
> > >>
> > >
> > > Maybe Honza would have some tips for debugging...
> >
> > See pages 13-16 of
> > <http://www.freeipa.org/images/1/10/Freeipa30_SSSD_OpenSSH_integration.pdf>.
> >
> > Honza
> >
> > --
> > Jan Cholasta
> >
>
> Honza
>
> --
> Jan Cholasta
>
--
Jan Cholasta
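
The distinction made at the top of this message, as an added example that is not part of the original e-mail or of FreeIPA's own tooling: each additional hostname has to be its own value of the multi-valued fqdn attribute, so the LDIF fed to ldapmodify carries one `fqdn:` line per name. The base DN `dc=example,dc=test` is a placeholder, the helper name `fqdn_ldif` is hypothetical, and the hostnames are the redacted ones quoted in the thread.

```shell
#!/bin/sh
# Added example: emit an LDIF that adds extra hostnames to a FreeIPA host
# entry's multi-valued fqdn attribute, one "fqdn:" value per name.
# BASE_DN is a placeholder; fqdn_ldif is a hypothetical helper name.
BASE_DN="dc=example,dc=test"

# usage: fqdn_ldif REGISTERED_FQDN NAME[,NAME...] [NAME...]
fqdn_ldif() {
    primary=$1
    shift
    # A comma-joined string is split here so it can never be stored as a
    # single value such as "a.example,b.example".
    names=$(printf '%s\n' "$@" | tr ', ' '\n\n' | sed '/^$/d')
    [ -n "$names" ] || { echo "no hostnames given" >&2; return 1; }
    for n in $names; do
        case $n in
            *[!A-Za-z0-9.-]*) echo "invalid hostname: $n" >&2; return 1 ;;
        esac
    done
    printf 'dn: fqdn=%s,cn=computers,cn=accounts,%s\n' "$primary" "$BASE_DN"
    printf 'changetype: modify\nadd: fqdn\n'
    for n in $names; do
        printf 'fqdn: %s\n' "$n"
    done
}

# Hostnames as redacted in the thread; the host was registered as host.mgmt.
# Review the output, then pipe it to: ldapmodify -Y GSSAPI
fqdn_ldif host.mgmt "host.mydom.int,host.mydom.net"
```
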