<div dir="ltr">Hello, <div> I've been searching around trying to figure out about the ipv4 vs the ipv6 interfaces for a freeipa server. According to the instructions I see that: </div><div> </div><div>FreeIPA uses Samba as part of its Active Directory integration and Samba requires enabled IPv6 stack on the machine.Adding <tt>ipv6.disable=1</tt> to the kernel commandline disables the whole IPv6 stack and breaks Samba.Adding <tt>ipv6.disable_ipv6=1</tt> will keep the IPv6 stack functional but will not assign IPv6 addresses to any of your network devices. This is recommeneded approach for cases when you don't use IPv6 networking. I am only using ipv4 on our network. So I managed to set this up and this helped remove some of the services that were running on ipv6. I've configured freeipa server and can verify that the DNS part of the server is working as I can query it with DIG. I also notice this is working because bind is listening on the ipv4 and ipv6 interfaces. This is also true for sshd. It's on both interfaces so I can log in with ssh. I can even (locally on the ipa server) issue ldapsearch commands against the ldap database. The problem comes from when I try to add a client or query the server with ldap commands on another machine. What I suspect is that even though I disabled ipv6 it looks like the directory server is still ONLY listening to on the ipv6 interface as there isn't anything listed for ipv4. So I suspect this is why I can't query it remotely as it's only on ipv6. </div><div> </div><div> netstat -ln Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 <a href="http://127.0.0.1:8005">127.0.0.1:8005</a> 0.0.0.0:* LISTEN tcp 0 0 <a href="http://127.0.0.1:8009">127.0.0.1:8009</a> 0.0.0.0:* LISTEN tcp 0 0 <a href="http://0.0.0.0:749">0.0.0.0:749</a> 0.0.0.0:* LISTEN tcp 0 0 <a href="http://0.0.0.0:8080">0.0.0.0:8080</a> 0.0.0.0:* LISTEN tcp 0 0 <a href="http://0.0.0.0:80">0.0.0.0:80</a> 0.0.0.0:* LISTEN tcp 0 0 <a href="http://0.0.0.0:464">0.0.0.0:464</a> 0.0.0.0:* LISTEN tcp 0 0 <PRIMARYIP>:53 0.0.0.0:* LISTEN tcp 0 0 <a href="http://127.0.0.1:53">127.0.0.1:53</a> 0.0.0.0:* LISTEN tcp 0 0 <a href="http://0.0.0.0:22">0.0.0.0:22</a> 0.0.0.0:* LISTEN tcp 0 0 <a href="http://0.0.0.0:88">0.0.0.0:88</a> 0.0.0.0:* LISTEN tcp 0 0 <a href="http://127.0.0.1:953">127.0.0.1:953</a> 0.0.0.0:* LISTEN tcp 0 0 <a href="http://127.0.0.1:25">127.0.0.1:25</a> 0.0.0.0:* LISTEN tcp 0 0 <a href="http://0.0.0.0:8443">0.0.0.0:8443</a> 0.0.0.0:* LISTEN tcp 0 0 <a href="http://0.0.0.0:443">0.0.0.0:443</a> 0.0.0.0:* LISTEN tcp6 0 0 :::389 :::* LISTEN tcp6 0 0 :::749 :::* LISTEN tcp6 0 0 :::464 :::* LISTEN tcp6 0 0 :::53 :::* LISTEN tcp6 0 0 :::22 :::* LISTEN tcp6 0 0 :::88 :::* LISTEN tcp6 0 0 :::636 :::* LISTEN udp 0 0 <PRIMARYIP>:53 0.0.0.0:* udp 0 0 <a href="http://127.0.0.1:53">127.0.0.1:53</a> 0.0.0.0:* udp 0 0 <a href="http://0.0.0.0:68">0.0.0.0:68</a> 0.0.0.0:* udp 0 0 <a href="http://0.0.0.0:88">0.0.0.0:88</a> 0.0.0.0:* udp 0 0 <PRIMARYIP>:123 0.0.0.0:* udp 0 0 <a href="http://127.0.0.1:123">127.0.0.1:123</a> 0.0.0.0:* udp 0 0 <a href="http://0.0.0.0:123">0.0.0.0:123</a> 0.0.0.0:* udp 0 0 <a href="http://0.0.0.0:27861">0.0.0.0:27861</a> 0.0.0.0:* udp 0 0 <a href="http://0.0.0.0:464">0.0.0.0:464</a> 0.0.0.0:* udp6 0 0 :::53734 :::* udp6 0 0 :::53 :::* udp6 0 0 :::123 :::* raw6 0 0 :::58 :::* 7 This is a CentOS 7 box with freeipa-server-4.1.4-1.el7.centos.x86_64 installed. I tried to find possibly where there might be a setting to tell the 389 server to listen on ipv4 but I can't seem to figure out how to do that. Google searches aren't generally coming up with anything real useful either. Anyone have any idea's on what to do here? Thanks in advance!-Steve </div></div>