[Freeipa-users] Reply: Re: Reply: Re: Multiple Domains and SSH

Jan Cholasta jcholast at redhat.com
Fri Nov 21 10:09:06 UTC 2014


It seems you added "ipaclient.mgmt.hss.int,ipaclient.hss.int" to fqdn, 
instead of adding "ipaclient.mgmt.hss.int" and "ipaclient.hss.int" 
separately.

On 21.11.2014 at 11:05, Christoph Kaminski wrote:
> With ipa 3.3.0 your second solution works, but if I do it then I get
> errors in the GUI if I go to the host settings there
>
> Error:
> ipaclient.mgmt.hss.int,ipaclient.hss.int: host not found
>
>
>
> Both names are configured as A records in DNS
>
> Best regards
> Christoph Kaminski
>
>
>
> From: Jan Cholasta <jcholast at redhat.com>
> To: Christoph Kaminski <christoph.kaminski at biotronik.com>
> Cc: Jakub Hrozek <jhrozek at redhat.com>, Dmitri Pal <dpal at redhat.com>,
> "freeipa-users at redhat.com" <freeipa-users at redhat.com>
> Date: 20.11.2014 13:08
> Subject: Re: Reply: Re: [Freeipa-users] Multiple Domains and SSH
> ------------------------------------------------------------------------
>
>
>
> Hi,
>
> On 19.11.2014 at 09:45, Christoph Kaminski wrote:
>  > This is an example of a host here and the ways I can reach it via ssh:
>  > (they are all in DNS, forward and reverse resolving)
>
> (note I redacted the hostnames and IP addresses in the output below)
>
>  >
>  > host host.mgmt
>  > host.mgmt has address 192.168.1.1
>  > host 192.168.1.1
>  > 1.1.168.192.in-addr.arpa domain name pointer host.mgmt.
>  > host host.mydom.int
>  > host.mydom.int has address 192.168.2.1
>  > host 192.168.2.1
>  > 1.2.168.192.in-addr.arpa domain name pointer host.mydom.int.
>  > host host.mydom.net
>  > host.mydom.net has address 192.168.3.1
>  > host 192.168.3.1
>  > 1.3.168.192.in-addr.arpa domain name pointer host.mydom.net.
>
> So it's a host with multiple IP addresses? You have 2 options then:
>
>   1. Add a host entry with the SSH public key to IPA for each of the
> hostnames then, as Dmitri suggested.
>
>   2. Manually add the additional hostnames to the fqdn attribute of the
> host entry using ldapmodify.
>
>  >
>  > Best regards
>  > Christoph Kaminski
>  >
>  >
>  >
>  >
>  > From: Jan Cholasta <jcholast at redhat.com>
>  > To: Jakub Hrozek <jhrozek at redhat.com>, dpal at redhat.com
>  > Cc: freeipa-users at redhat.com
>  > Date: 19.11.2014 07:53
>  > Subject: Re: [Freeipa-users] Multiple Domains and SSH
>  > Sent by: freeipa-users-bounces at redhat.com
>  > ------------------------------------------------------------------------
>  >
>  >
>  >
>  > Hi,
>  >
>  > On 18.11.2014 at 23:53, Jakub Hrozek wrote:
>  >  >
>  >  >> On 18 Nov 2014, at 23:12, Dmitri Pal <dpal at redhat.com> wrote:
>  >  >>
>  >  >> On 11/18/2014 01:07 AM, Christoph Kaminski wrote:
>  >  >>> Hi
>  >  >>>
>  >  >>> I can reach each host here via ssh on multiple domains:
>  >  >>>
>  >  >>> host.mydom.int
>  >  >>> host.mydom.net
>  >  >>> host.mgmt
>  >  >>>
>  >  >>> sss_ssh_knownhostproxy works only on the domain which I used
>  >  >>> to register to ipa (mgmt); on the other domains I always get "The
>  >  >>> authenticity of host 'host.mydom.int (<no hostip for proxy command>)'
>  >  >>> can't be established."... why?
>  >
>  > Because it does not know that the hostnames refer to the same host.
>  >
>  > Do you have a reverse DNS record set up for the host? Does it point to
>  > the same hostname that you used to register the host in IPA?
>  >
>  >  >>>
>  >  >>
>  >  >>
>  >  >> And other hosts in those domains are not registered?
>  >  >> Maybe you should try to add a host entry and SSH digest to IPA even
>  >  >> if they are not enrolled?
>  >
>  > This would work too.
>  >
>  >  >>
>  >  >
>  >  > Maybe Honza would have some tips for debugging...
>  >
>  > See pages 13-16 of
>  > <http://www.freeipa.org/images/1/10/Freeipa30_SSSD_OpenSSH_integration.pdf>.
>  >
>  > Honza
>  >
>  > --
>  > Jan Cholasta
>  >
>  >
>  >
>  >
>  > www.biotronik.com <http://www.biotronik.com>
>  > ------------------------------------------------------------------------
>  > *BIOTRONIK - excellence for life*
>  > Established with the development of the first German pacemaker in 1963,
>  > BIOTRONIK has upheld the highest quality standards in the fields of
>  > cardiac rhythm management and vascular intervention in more than 100
>  > countries worldwide. We’ve developed advanced technologies and products
>  > such as BIOTRONIK Home Monitoring®, Closed Loop Stimulation (CLS) and
>  > Orsiro, the industry’s first hybrid drug eluting stent. BIOTRONIK also
>  > offers the broadest portfolio of cardiac devices with ProMRI®, an
>  > advanced technology that gives patients access to magnetic resonance
>  > (MR) scanning.
>  > ------------------------------------------------------------------------
>  > BIOTRONIK SE & Co. KG
>  > Woermannkehre 1, 12359 Berlin, Germany
>  > Registered office: Berlin, Commercial register: Berlin HRA 6501
>  >
>  > Represented by its general partner:
>  > BIOTRONIK MT SE
>  > Registered office: Berlin, Commercial register: Berlin HRB 118866 B
>  > Managing Directors: Christoph Böhmer, Dr. Lothar Krings
>  > ------------------------------------------------------------------------
>  > This e-mail and the information it contains including attachments are
>  > confidential and meant only for use by the intended recipient(s);
>  > disclosure or copying is strictly prohibited. If you are not addressed,
>  > but in the possession of this e-mail, please notify the sender
>  > immediately and delete the document.
>
> Honza
>
> --
> Jan Cholasta
>


-- 
Jan Cholasta
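
Added example, not part of the original message and not FreeIPA's own code: a shell helper that builds the LDIF for option 2 (ldapmodify) with one fqdn value per hostname, refuses the comma-joined form described at the top of this message, and can emit the LDIF that replaces such a joined value. The host DN is a constructed placeholder (ENROLLED-HOSTNAME and the dc=example,dc=test suffix are assumptions); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: LDIF for extra FreeIPA host names, one fqdn value each.

# fqdn_ldif HOST_DN NAME...
# Prints a modify LDIF; fails if any NAME is not a single hostname.
fqdn_ldif() {
    dn=$1
    shift
    [ "$#" -gt 0 ] || { echo "no hostnames given" >&2; return 2; }
    for name in "$@"; do
        case $name in
            ''|*[!A-Za-z0-9.-]*)
                # Rejects the comma-joined form reported in the thread.
                echo "not a single hostname: '$name'" >&2
                return 1 ;;
        esac
    done
    printf 'dn: %s\nchangetype: modify\nadd: fqdn\n' "$dn"
    for name in "$@"; do
        printf 'fqdn: %s\n' "$name"
    done
}

# fqdn_repair_ldif HOST_DN BAD_VALUE NAME...
# One modify operation: drop the joined value, then add the names separately.
fqdn_repair_ldif() {
    dn=$1
    bad=$2
    shift 2
    add=$(fqdn_ldif "$dn" "$@") || return 1
    printf 'dn: %s\nchangetype: modify\ndelete: fqdn\nfqdn: %s\n-\n' "$dn" "$bad"
    # Reuse the validated add section without its dn/changetype header.
    printf '%s\n' "$add" | sed '1,2d'
}

# Constructed placeholder DN; substitute the enrolled host name and your suffix.
HOST_DN='fqdn=ENROLLED-HOSTNAME,cn=computers,cn=accounts,dc=example,dc=test'

# Review the LDIF first, then pipe it to ldapmodify, for example:
#   fqdn_repair_ldif "$HOST_DN" 'ipaclient.mgmt.hss.int,ipaclient.hss.int' \
#       ipaclient.mgmt.hss.int ipaclient.hss.int | ldapmodify -Y GSSAPI
```

If one of the names is already a value of fqdn (for example the name the host was enrolled with), the server rejects the add with "Type or value exists"; leave that name out of the list.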



