On 11/30/2012 10:35 PM, Rob Crittenden wrote:
Thank you Rob - I adapted the same approach in this updated patch. Let
me know if it addresses the blocked port issue better.
Lynn Root wrote:
Returns a clearer hint when user is running ipa-client-automount with
possible firewall up and blocking need ports.
Not sure if this patch is worded correctly in order to address the
potential firewall block when running ipa-client-automount. Perhaps a
different error should be thrown, rather than NOT_IPA_SERVER.
Tomas made a similar change recently in ipa-client-install which
includes more information on the ports we need. You may want to take a
look at that. It was for ticket
>From a39fa3befe771799092161e68e2c3f80a364c9af Mon Sep 17 00:00:00 2001
From: Lynn Root <lr...@redhat.com>
Date: Mon, 26 Nov 2012 03:59:22 -0500
Subject: [PATCH] Clarified error message with ipa-client-automount.
Returns a clearer hint when user is running ipa-client-automount with possible firewall up and blocking need ports.
ipa-client/ipa-install/ipa-client-automount | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/ipa-client/ipa-install/ipa-client-automount b/ipa-client/ipa-install/ipa-client-automount
index fd922b8a9e3fafbe1c740642752ff9258f1260bd..b7771928a4327f1090aafe1bd6728135cda13241 100755
@@ -354,6 +354,17 @@ def configure_nfs(fstore, statestore):
print "Failed to configure automatic startup of the %s daemon" % (rpcgssd.service_name)
root_logger.error("Failed to enable automatic startup of the %s daemon: %s" % (rpcgssd.service_name, str(e)))
+ "Please make sure the following ports are opened "
+ "in the firewall settings:\n"
+ " TCP: 80, 88, 389\n"
+ " UDP: 88 (at least one of the TCP/UDP ports 88 has to be open)\n"
+ "Also note that the following ports are necessary for ipa-client "
+ "to properly mount: \n"
+ " TCP: 464\n"
+ " UDP: 464, 123 (if NTP enabled)")
fstore = sysrestore.FileStore('/var/lib/ipa-client/sysrestore')
@@ -407,6 +418,7 @@ def main():
root_logger.debug("Verifying that %s is an IPA server" % server)
ldapret = ds.ipacheckldap(server, api.env.realm)
if ldapret != 0:
sys.exit('Unable to confirm that %s is an IPA v2 server' % server)
if not autodiscover:
Freeipa-devel mailing list