[Freeipa-users] Port and protocol for winsync

malo malo at avast.com
Fri Sep 23 12:35:28 UTC 2016


Thank you for your response, Martin!

This restriction is due to the architecture of the in-place network.

This is sadly not something that I can change.

Regards,


Nathan

On 09/23/2016 02:26 PM, Martin Babinsky wrote:
> On 09/23/2016 01:09 PM, malo wrote:
>> Hello,
>>
>>
>> I am currently trying to set up the winsync agreement between my AD and
>> my FreeIPA servers. The network topology allows me to only connect the
>> FreeIPA server to the 636 port of AD, using TLS.
>>
>> It seems that FreeIPA wants to connect to the port 389 using StartTLS
>> when I run the ipa-replica-manage command to create the winsync 
>> agreement.
>>
>> I know that I can modify the parameters of the winsync agreement once it
>> is established, by modifying the cn=replica,cn=XXXXcom,cn=mapping
>> tree,cn=config elements.
>>
>>
>> But is there a way to specify the port as well as the protocol to use on
>> the first configuration of the winsync agreement?
>>
>>
>> Thank you for your help,
>>
>> Best regards,
>>
>>
>> Nathan M.
>>
> I am afraid that this is hardcoded in ipa-replica-manage and there is 
> no way to force the command to use LDAPS connection.
>
> Is there any particular reason why incoming connections on AD DC's 
> port 389 are blocked in your network?
>



