On Fri, 2020-05-08 at 10:27 +0000, Rob van Halteren via FreeIPA-users wrote: > Hello, > > I have network consisting out a LAN,WLAN,DMZ and a PRODUCTION network, > separated by a firewall that performs the routing and connections to the > outside world. > I want to introduce Identity management using a FreeIPA server for my > network. Most client machines will be on the LAN network, but not all. > Most servers reside on the PRODUCTION network > > I am trying to figure out where to place the FeeIPA server in this network. > I want to be able to authenticate all servers,client machines and also be > able to authenticate client machines that are connected via a VPN connection > that is hosted on the firewall. > > Sorry for having to ask this. I have been looking around on the net and this > list but found little help on this topic. > Any advice would be welcome.
I placed my IdM server in the Lan, and then poked holes in the firewall. In your case placing it in PRODUCTION would be just as fine, as long as all other networks can route to it. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
