[Freeipa-devel] [PATCH 0016] Adds port to connection error message in ipa-client-install
Rob Crittenden
rcritten at redhat.com
Tue Oct 2 18:48:31 UTC 2012
Tomas Babej wrote:
> On 09/26/2012 09:32 PM, Rob Crittenden wrote:
>> Tomas Babej wrote:
>>> Hi,
>>>
>>> Connection error message in ipa-client-install now warns the user
>>> about the need of opening 389 port for directory server.
>>>
>>> https://fedorahosted.org/freeipa/ticket/2816
>>>
>>> I think this can be pushed as a one-liner.
>>
>> I think we should list all ports that are required for client enrollment.
>>
>> From my calculations we need at a minimum tcp ports 80 and 389, either
>> or both udp/tcp for port 88 and if NTP is enabled 123 udp for
>> enrollment alone. The NTP failure won't cause enrollment to fail
>> though, so we may be able to skip that.
>>
>> Similarly 464 should be enabled but we don't use it during enrollment.
>>
>> rob
> I improved the error message. Please check if there are any issues.
>
> Thanks
>
> Tomas
This only works if port 389 is blocked, not 88 or 80.
rob
More information about the Freeipa-devel
mailing list