Lynn Root wrote:
On Mon 03 Dec 2012 05:20:32 AM PST, Lynn Root wrote:
On 11/30/2012 10:35 PM, Rob Crittenden wrote:
Lynn Root wrote:
Returns a clearer hint when user is running ipa-client-automount with
possible firewall up and blocking need ports.

Not sure if this patch is worded correctly in order to address the
potential firewall block when running ipa-client-automount. Perhaps a
different error should be thrown, rather than NOT_IPA_SERVER.


Tomas made a similar change recently in ipa-client-install which
includes more information on the ports we need. You may want to take
a look at that. It was for ticket

Thank you Rob - I adapted the same approach in this updated patch. Let
me know if it addresses the blocked port issue better.


Just bumping this thread - I think this might have fallen on the
way-side; certainly lost track of it myself after returning home/holidays.

However I noticed that this ticket
( now has an RFE tag -
don't _believe_ that was there when I started working on it in late
November.  I believe the whole design doc conversation was going on
around then. I assume I'll need to start one for this?


I think this is still not quite right, and I think could be improved in ipa-client-install as well.

ipacheckldap() only tries to connect to port 389 (optionally with StartTLS). It returns a number of different possible errors, I think we should have some way to report more specific error messages based on those (can't connect to server Y on port 389, Unable to find Kerberos container, etc) in addition to "Unable to confirm that X is an IPA server". We probably want to do something about the v2 part as well.

I think a table in ipadiscovery to translate the possible return vals from ipacheckldap() into a string that can logged is the way to go.


Freeipa-devel mailing list

Reply via email to