On Monday, November 17th, 2025 at 11:16 AM, Alexander Bokovoy via FreeIPA-users <[email protected]> wrote:

> On Mon, 17 Nov 2025, Antoine Gatineau via FreeIPA-users wrote:
>
> > Hello community,
> >
> > I'm trying to deploy a freeipa cluster using multiple interfaces.
> > eth0: just ssh access
> > eth1: replication between replicas
> > eth2: client to server communication
> >
> > Each interface/ip would have a corresponding hostname.
> >
> > Is this a viable solution?
> > I understand that certificates would need to be modified in order to be
> > valid for all hostnames. It is possible to overwrite the certificates
> > during installation (for http, ldap and pkinit) but that means
> > maintaining those certificates manually. Can the configuration be
> > modified to include extra hostnames in the automatic certificate
> > generation?
> >
> > Is there anything else that needs to be tuned for that?
> >
> > Has anyone done such a deployment?
>
> I haven't done a deployment but I did some research some time ago to see
> what needs to be handled to even consider this use case. You can read it
> here: https://vda.li/en/posts/2023/08/16/Support-multi-homed-FreeIPA-Server/

Thank you for the link. It is very useful. It brings light to some deeper constraints in ldap and pki. I will look more into this and hope we can implement dns split views here :)
I don't want to start tinkering that much in a production setup.
And who knows, this feature might come in the near future, that would be great.

Kind regards

> This is pretty much an unsupported use case right now.
>
> --
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering
> Red Hat Limited, Finland
>
> --
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
