[Freeipa-users] EXTERNAL: Re: Freeipa 3.1.x install on Fedora 18 issues

Rob Crittenden rcritten at redhat.com
Thu Mar 21 21:28:17 UTC 2013


Miller, Kevin R wrote:
> There is still an iptables rule set but I disabled the service with a chkconfig iptables off and a chkconfig ip6tables off.  I also did a chkconfig firewalld off.  I just verified that each was still disabled with a service iptables status and repeated for the other services.

chkconfig doesn't stop a running service, just stops it from starting 
automatically on the next reboot.

iptables -L will tell you if there are any rules in the kernel now.

I ask because on my working F-18 box netstat shows the same output.

rob

>
>
>
> -----Original Message-----
> From: Rob Crittenden [mailto:rcritten at redhat.com]
> Sent: Thursday, March 21, 2013 2:55 PM
> To: Miller, Kevin R; Freeipa-users at redhat.com
> Subject: Re: EXTERNAL: Re: [Freeipa-users] Freeipa 3.1.x install on Fedora 18 issues
>
> Miller, Kevin R wrote:
>> I went down that route because when I run the ipa_client_install it says that my IPA server is incorrect and to ensure that I have the required ports open. I disabled iptables and placed selinux into permissive mode.  I attempted externally to connect to the necessary ports and was able to determine that they wouldn't respond.  I then ran netstat and confirmed that port 389 and port 80 were not listening for IPV4 connections.  The only listeners were on ::::389 and ::::80.
>
> I'd run iptables -L to ensure that you indeed have no rules. F-18 by default configures firewalld.
>
> rob
>
>
>>
>>
>> -----Original Message-----
>> From: Rob Crittenden [mailto:rcritten at redhat.com]
>> Sent: Thursday, March 21, 2013 2:35 PM
>> To: Miller, Kevin R; Freeipa-users at redhat.com
>> Subject: Re: EXTERNAL: Re: [Freeipa-users] Freeipa 3.1.x install on
>> Fedora 18 issues
>>
>> Miller, Kevin R wrote:
>>> I am able to connect to the web server (80) from the localhost but that is because it uses loopback to connect to the ipv6 listener.  I can telnet to 389 on localhost but again this is due to loopback.
>>
>> Right, but what about 127.0.0.1, for example? Or the IPv4 address. In other words, did you go down the netstat route because things weren't working or were you just checking?
>>
>> rob
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: Rob Crittenden [mailto:rcritten at redhat.com]
>>> Sent: Thursday, March 21, 2013 12:45 PM
>>> To: Miller, Kevin R; freeipa-users at redhat.com
>>> Subject: EXTERNAL: Re: [Freeipa-users] Freeipa 3.1.x install on
>>> Fedora
>>> 18 issues
>>>
>>> Miller, Kevin R wrote:
>>>> I installed freeipa from the Fedora 18 repo and then ran the
>>>> freeipa-server-install with the proper parameters.  Installation
>>>> seems to be successful but the http (80) and ldap (389) services are
>>>> not listening on the ipv4 interface.  I confirmed that the
>>>> /etc/hosts file contains a proper entry that maps the ipv4 address to the fqdn.
>>>> If I run a netstat -an |grep 389 I get the following
>>>>
>>>> Tcp6       0              0              :::389     :::*         Listen
>>>>
>>>> A netstat -an |grep 80 returns the same
>>>>
>>>> Tcp6       0              0              :::80       :::*         Listen
>>>>
>>>> Since I wasn't even using ipv6 I cannot explain why the services
>>>> were trying to bind to the ipv6 address instead of the configured
>>>> IPV4 address. I decided to force IPV6 to be disabled by adding an
>>>> entry in the /etc/sysctl.conf file to disable ipv6.  After I did
>>>> that, the port
>>>> 80 now binds to 0.0.0.0 which is what I wanted but the 389 continues
>>>> to bind to :::.
>>>>
>>>> Any tips would be appreciated.
>>>
>>> Does it actually answer on an IPv4 address (including localhost) on port 389?
>>>
>>> rob
>>>
>>
>
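Background to the netstat output discussed in this thread, as an added example that is not part of the original messages: on Linux a socket bound to the IPv6 wildcard (shown by netstat as tcp6 :::port) also accepts IPv4 connections unless IPV6_V6ONLY is set on it. The function name is hypothetical and the test uses an ephemeral loopback port instead of 389 or 80.

```python
import socket


def peer_seen_by_v6_listener(v6only):
    """Listen on [::] (ephemeral port), connect to it over IPv4 loopback, and
    return the client address the listener sees, or None if refused."""
    srv = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # IPV6_V6ONLY=0 is dual-stack mode: the single tcp6 socket also takes
        # IPv4 traffic, and IPv4 peers show up as IPv4-mapped ::ffff:a.b.c.d.
        # It must be set before bind().
        srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY,
                       1 if v6only else 0)
        srv.bind(("::", 0))
        srv.listen(1)
        srv.settimeout(2)
        cli.settimeout(2)
        try:
            cli.connect(("127.0.0.1", srv.getsockname()[1]))
        except OSError:
            # Nothing is listening for IPv4 on that port.
            return None
        conn, peer = srv.accept()
        conn.close()
        return peer[0]
    finally:
        cli.close()
        srv.close()


if __name__ == "__main__":
    for v6only in (False, True):
        print("IPV6_V6ONLY=%d ->" % v6only, peer_seen_by_v6_listener(v6only))
```

A lone tcp6 :::389 line therefore does not show that IPv4 is unserved; connecting to 127.0.0.1 or the host's IPv4 address on that port settles it.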



