On 11/30/2012 10:35 PM, Rob Crittenden wrote:
Lynn Root wrote:
Returns a clearer hint when user is running ipa-client-automount with
possible firewall up and blocking need ports.

Not sure if this patch is worded correctly in order to address the
potential firewall block when running ipa-client-automount. Perhaps a
different error should be thrown, rather than NOT_IPA_SERVER.

Ticket: https://fedorahosted.org/freeipa/ticket/3080

Tomas made a similar change recently in ipa-client-install which includes more information on the ports we need. You may want to take a look at that. It was for ticket https://fedorahosted.org/freeipa/ticket/2816

Thank you Rob - I adapted the same approach in this updated patch. Let me know if it addresses the blocked port issue better.

>From a39fa3befe771799092161e68e2c3f80a364c9af Mon Sep 17 00:00:00 2001
From: Lynn Root <lr...@redhat.com>
Date: Mon, 26 Nov 2012 03:59:22 -0500
Subject: [PATCH] Clarified error message with ipa-client-automount.

Returns a clearer hint when user is running ipa-client-automount with possible firewall up and blocking need ports.

Ticket: https://fedorahosted.org/freeipa/ticket/3080
 ipa-client/ipa-install/ipa-client-automount | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/ipa-client/ipa-install/ipa-client-automount b/ipa-client/ipa-install/ipa-client-automount
index fd922b8a9e3fafbe1c740642752ff9258f1260bd..b7771928a4327f1090aafe1bd6728135cda13241 100755
--- a/ipa-client/ipa-install/ipa-client-automount
+++ b/ipa-client/ipa-install/ipa-client-automount
@@ -354,6 +354,17 @@ def configure_nfs(fstore, statestore):
         print "Failed to configure automatic startup of the %s daemon" % (rpcgssd.service_name)
         root_logger.error("Failed to enable automatic startup of the %s daemon: %s" % (rpcgssd.service_name, str(e)))
+def print_port_conf_info():
+    root_logger.info(
+        "Please make sure the following ports are opened "
+        "in the firewall settings:\n"
+        "     TCP: 80, 88, 389\n"
+        "     UDP: 88 (at least one of the TCP/UDP ports 88 has to be open)\n"
+        "Also note that the following ports are necessary for ipa-client "
+        "to properly mount: \n"
+        "     TCP: 464\n"
+        "     UDP: 464, 123 (if NTP enabled)")
 def main():
     fstore = sysrestore.FileStore('/var/lib/ipa-client/sysrestore')
@@ -407,6 +418,7 @@ def main():
     root_logger.debug("Verifying that %s is an IPA server" % server)
     ldapret = ds.ipacheckldap(server, api.env.realm)
     if ldapret[0] != 0:
+        print_port_conf_info()
         sys.exit('Unable to confirm that %s is an IPA v2 server' % server)
     if not autodiscover:

Freeipa-devel mailing list

Reply via email to