Yup, we do it on several of our web servers...It's actually really cut and dry, that last section of that page you referenced is accurate and it's dead simple.
On 08/11/2017 03:01 PM, William Muriithi via FreeIPA-users wrote:
Afternoon,
I am attempting to add redundancy to a system that we are currently using and that use apache as web server. The apache is using IPA for user authentication
To do this, I will have to use a load balancer in front of the two servers and the original setup don't seem to work fine with the load balancer in front. For one, the load balancer is not an IPA client, so can't setup Service Principal Name there.
Is this kind of setup supported currently by IPA? Have anyone deployed it and wouldn't mind sharing the experience? I am just a bit cautions taking the steps as the system is already in production. I have researched this morning and the only link I see is this.
https://www.freeipa.org/page/V4/Keytab_Retrieval
Not sure if it was ever implemented as there is no discussion of it on the Free-IPA mailing list
IPA server: ipa-server-4.4.0-14.el7_3.6.x86_64
Apache: (IPA client) httpd-2.4.6-45.el7
Regards, William _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org