On 09/26/2012 09:32 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,

Connection error message in ipa-client-install now warns the user
about the need of opening 389 port for directory server.

https://fedorahosted.org/freeipa/ticket/2816

I think this can be pushed as a one-liner.

I think we should list all ports that are required for client enrollment.

From my calculations we need at a minimum tcp ports 80 and 389, either or both udp/tcp for port 88 and if NTP is enabled 123 udp for enrollment alone. The NTP failure won't cause enrollment to fail though, so we may be able to skip that.

Similarly 464 should be enabled but we don't use it during enrollment.

rob

I improved the error message. Please check if there are any issues.

Thanks

Tomas
From 397745847ad1612e37c093a803a6f2a3b06d6b3d Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Wed, 26 Sep 2012 08:52:50 -0400
Subject: [PATCH] Adds port to connection error message in ipa-client-install

Connection error message in ipa-client-install now warns the user
about the need of opening 389 port for directory server.

https://fedorahosted.org/freeipa/ticket/2816
---
 ipa-client/ipa-install/ipa-client-install | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index ee8e5831866e1f5d960cbbca290606a944b0f357..9323b22be4b8e8746804eb849689775389fa961b 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1390,8 +1390,16 @@ def install(options, env, fstore, statestore):
     if ret != 0:
         root_logger.error("Failed to verify that %s is an IPA Server.",
             cli_server[0])
-        root_logger.error("This may mean that the remote server is not up " +
-            "or is not reachable due to network or firewall settings.")
+        root_logger.error("This may mean that the remote server is not up "
+            "or is not reachable due to network or firewall settings. "
+            "Please make sure the following ports are opened in the firewall settings:\n"
+            "     TCP: 80, 88, 389\n"
+            "     UDP: 88\n"
+            "Also note that following ports are necessary for ipa-client "
+            "working properly after enrollment:\n"
+            "     TCP: 464\n"
+            "     UDP: 464, 123 (if NTP enabled)"
+             )
         root_logger.debug("(%s: %s)", cli_server[0], cli_server_source)
         return CLIENT_INSTALL_ERROR
 
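Review bot: The string added in the `ret != 0` branch now lists TCP 80, 88, 389 and UDP 88, plus 464 and 123 for after enrollment, but the subject line and commit body still describe only port 389; the commit message should be updated to match. In the text itself, "are opened in the firewall settings" should read "are open in the firewall", and "note that following ports" is missing "the". Passing everything to a single root_logger.error call with embedded "\n" produces one multi-line log record; one call per line keeps the log easy to grep, and the post-enrollment ports could go out at a lower level since they are not the cause of this failure. The closing parenthesis on its own line, indented 13 spaces, does not match the indentation of the surrounding calls.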
-- 
1.7.11.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
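
Added example (not part of the patch above and not FreeIPA code): a TCP pre-flight check for the ports named in the new error message, which separates a refused connection from an unanswered one, the two cases the installer message reports together. The function names and state labels are assumptions made for this example; the UDP ports (88, 464, 123) are not probed.

```python
import errno
import socket

# TCP ports as listed in the patched message. UDP is left out: without a
# protocol-level reply a UDP probe cannot tell "open" from "dropped".
ENROLLMENT_TCP_PORTS = {80: "HTTP", 88: "Kerberos", 389: "LDAP"}
POST_ENROLLMENT_TCP_PORTS = {464: "kpasswd"}


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'refused', 'filtered' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A reset came back: the host answers, but nothing accepts on this
        # port (service down, or a firewall rule that rejects actively).
        return "refused"
    except socket.timeout:
        # No answer at all: typical of a firewall that drops packets.
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        return "error"  # e.g. the host name did not resolve


def check_server(host, ports=None, timeout=3.0):
    """Return {port: state} for each port (default: enrollment TCP ports)."""
    ports = ENROLLMENT_TCP_PORTS if ports is None else ports
    return {port: probe_tcp(host, port, timeout) for port in ports}


def diagnose(results):
    """Reduce per-port states to the most likely cause, firewall first."""
    if all(state == "open" for state in results.values()):
        return "all required TCP ports reachable"
    for state, hint in (
        ("filtered", "no reply on %s: check firewall rules"),
        ("refused", "connection refused on %s: host up, service down or rejected"),
    ):
        ports = sorted(p for p, s in results.items() if s == state)
        if ports:
            return hint % ports
    return "name lookup or local socket error"
```

Calling `diagnose(check_server(host))` with the IPA server's host name before running ipa-client-install gives the split between "server not up" and "blocked by firewall".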
