On Thu, 29 Oct 2015, Gabe Alford wrote:
Hello,

Fix for https://fedorahosted.org/freeipa/ticket/5414

Thanks,

Gabe

From 515582d66252521a3cbf6a6a48f33745bd788c86 Mon Sep 17 00:00:00 2001
From: Gabe <redhatri...@gmail.com>
Date: Thu, 29 Oct 2015 20:28:27 -0600
Subject: [PATCH] Incomplete ports for IPA AD Trust

https://fedorahosted.org/freeipa/ticket/5414
---
install/tools/ipa-adtrust-install | 1 +
1 file changed, 1 insertion(+)

diff --git a/install/tools/ipa-adtrust-install 
b/install/tools/ipa-adtrust-install
index 
1f41cc437e8a930c350eac0fb34e5bebc9f9b55b..84e28b57524b2c3308e52cc56b4b370276add0b7
 100755
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@@ -472,6 +472,7 @@ Setup complete

You must make sure these network ports are open:
\tTCP Ports:
+\t  * 135: epmap
\t  * 138: netbios-dgm
\t  * 139: netbios-ssn
\t  * 445: microsoft-ds
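Review bot: The new "135: epmap" entry in the TCP Ports list names only the endpoint mapper port, so an administrator who opens exactly the ports printed here will still have the mapper's dynamically created listeners blocked (the reply that follows gives 1024..1300/TCP as the current Samba range). Either list that range next to the entry or extend the line with a pointer such as "(see ipa-adtrust-install(1) man page for details)". The diffstat shows only install/tools/ipa-adtrust-install changed, so a man page section describing the ports would need to be added in the same patch.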
This is good but not complete. What the end-point mapper does is create a
listener based on the incoming request, and access to the listener needs
to be provided as well. A listener is currently created in the range of
1024..1300/TCP, but we already have a request to make this range
configurable (it is hard coded right now in Samba code) because with
Windows 2008 Microsoft moved it from 1025..5000 to 49152..65535:
https://support.microsoft.com/en-us/kb/929851

We were thinking of adding a callout hook on the Samba side to call a
firewall-related script that could do hole punching on demand, but it is
not there yet.

What we could do in ipa-adtrust-install is to add a section about TCP/UDP
ports to the manual page and explicitly reference that one in the case of
the epmap line:
\t  *135: epmap (see ipa-adtrust-install(1) man page for details)

We don't have the firewall section in the manpage at all, btw.

What do you think?
--
/ Alexander Bokovoy
