The IP address provided to ipa-server-install must be local

Compare the configured interfaces with the supplied IP address and
optional netmask to determine if the interface is available.

https://fedorahosted.org/freeipa/ticket/1175

2 files changed, 6 insertions, 3 deletions

diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 886d391a2..7c81dbec6 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -597,7 +597,7 @@ def main():
     # Check we have a public IP that is associated with the hostname
     hostaddr = resolve_host(host_name)
     if hostaddr is not None:
-        ip = CheckedIPAddress(hostaddr)
+        ip = CheckedIPAddress(hostaddr, match_local=True)
     else:
         if not options.ip_address:
             print "Unable to resolve IP address for host name"
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index ed8f04af5..91d19e95f 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -66,7 +66,7 @@ def get_domain_name():
     return domain_name
 
 class CheckedIPAddress(netaddr.IPAddress):
-    def __init__(self, addr, match_local=True, parse_netmask=True):
+    def __init__(self, addr, match_local=False, parse_netmask=True):
         if isinstance(addr, CheckedIPAddress):
             super(CheckedIPAddress, self).__init__(addr)
             self.prefixlen = addr.prefixlen
@@ -117,11 +117,14 @@ class CheckedIPAddress(netaddr.IPAddress):
                     continue
 
                 ifnet = netaddr.IPNetwork(fields[3])
-                if ifnet == net or ifnet.ip == addr:
+                if ifnet == net or (net is None and ifnet.ip == addr):
                     net = ifnet
                     iface = fields[1]
                     break
 
+            if iface is None:
+                raise ValueError('No network interface matches the provided IP address and netmask')
+
         if net is None:
             defnet = True
             if addr.version == 4: