Lynn Root wrote:
On Mon 03 Dec 2012 05:20:32 AM PST, Lynn Root wrote:
On 11/30/2012 10:35 PM, Rob Crittenden wrote:
Lynn Root wrote:
Returns a clearer hint when user is running ipa-client-automount with
possible firewall up and blocking need ports.
Not sure if this patch is worded correctly in order to address the
potential firewall block when running ipa-client-automount. Perhaps a
different error should be thrown, rather than NOT_IPA_SERVER.
Tomas made a similar change recently in ipa-client-install which
includes more information on the ports we need. You may want to take
a look at that. It was for ticket
Thank you Rob - I adapted the same approach in this updated patch. Let
me know if it addresses the blocked port issue better.
Just bumping this thread - I think this might have fallen on the
way-side; certainly lost track of it myself after returning home/holidays.
However I noticed that this ticket
(https://fedorahosted.org/freeipa/ticket/3080) now has an RFE tag -
don't _believe_ that was there when I started working on it in late
November. I believe the whole design doc conversation was going on
around then. I assume I'll need to start one for this?
I think this is still not quite right, and I think could be improved in
ipa-client-install as well.
ipacheckldap() only tries to connect to port 389 (optionally with
StartTLS). It returns a number of different possible errors, I think we
should have some way to report more specific error messages based on
those (can't connect to server Y on port 389, Unable to find Kerberos
container, etc) in addition to "Unable to confirm that X is an IPA
server". We probably want to do something about the v2 part as well.
I think a table in ipadiscovery to translate the possible return vals
from ipacheckldap() into a string that can logged is the way to go.
Freeipa-devel mailing list