[Freeipa-users] EXTERNAL: Re: Freeipa 3.1.x install on Fedora 18 issues

Rob Crittenden rcritten at redhat.com
Thu Mar 21 20:55:06 UTC 2013 

Miller, Kevin R wrote:
> I went down that route because when I run the ipa_client_install it says that my IPA server is incorrect and to ensure that I have the required ports open. I disabled iptables and placed selinux into permissive mode.  I attempted externally to connect to the necessary ports and was able to determine that they wouldn't respond.  I then ran netstat and confirmed that port 389 and port 80 were not listening for IPV4 connections.  The only listeners were on ::::389 and ::::80.

I'd run iptables -L to ensure that you indeed have no rules. F-18 by 
default configures firewalld.

rob


>
>
> -----Original Message-----
> From: Rob Crittenden [mailto:rcritten at redhat.com]
> Sent: Thursday, March 21, 2013 2:35 PM
> To: Miller, Kevin R; Freeipa-users at redhat.com
> Subject: Re: EXTERNAL: Re: [Freeipa-users] Freeipa 3.1.x install on Fedora 18 issues
>
> Miller, Kevin R wrote:
>> I am able to connect to the web server (80) from the localhost but that is because it uses loopback to connect to the ipv6 listener.  I can telnet to 389 on localhost but again this is due to loopback.
>
> Right, but what about 127.0.0.1, for example? Or the IPv4 address. In other words, did you go down the netstat route because things weren't working or were you just checking?
>
> rob
>>
>>
>>
>> -----Original Message-----
>> From: Rob Crittenden [mailto:rcritten at redhat.com]
>> Sent: Thursday, March 21, 2013 12:45 PM
>> To: Miller, Kevin R; freeipa-users at redhat.com
>> Subject: EXTERNAL: Re: [Freeipa-users] Freeipa 3.1.x install on Fedora
>> 18 issues
>>
>> Miller, Kevin R wrote:
>>> I installed freeipa from the Fedora 18 repo and then ran the
>>> freeipa-server-install with the proper parameters.  Installation
>>> seems to be successful but the http (80) and ldap (389) services are
>>> not listening on the ipv4 interface.  I confirmed that the /etc/hosts
>>> file contains a proper entry that maps the ipv4 address to the fqdn.
>>> If I run a netstat -an |grep 389 I get the following
>>>
>>> Tcp6       0              0              :::389     :::*         Listen
>>>
>>> A netstat -an |grep 80 returns the same
>>>
>>> Tcp6       0              0              :::80       :::*         Listen
>>>
>>> Since I wasn't even using ipv6 I cannot explain why the services were
>>> trying to bind to the ipv6 address instead of the configured IPV4
>>> address I decided to force IPV6 to be disabled by added an entry in
>>> the /etc/sysctl.conf file to disable ipv6.  After I did that, the
>>> port
>>> 80 now binds to 0.0.0.0 which is what I wanted but the 389 continues
>>> to bind to :::.
>>>
>>> Any tips would be appreciated.
>>
>> Does it actually answer on a IPv4 address (including localhost) on port 389?
>>
>> rob
>>
>

More information about the Freeipa-users mailing list