On 13.10.22 10:57, iulian roman via FreeIPA-users wrote:
> Hello everybody,
> I have a FreeIPA setup with AD trust which works properly. I recently noticed
> that authentication does not work on some FreeIPA clients which are in a
> firewalled network. All ports to the FreeIPA servers were allowed in the
> firewall. Checking the logs, I observed that the Kerberos client on FreeIPA
> clients does try to connect directly to Active Directory Domain Controllers,
> not only to the KDC in the FreeIPA server.
> Can anyone please explain or point to the documentation where it is mentioned
> exactly why we still need direct connectivity to AD on port 88 for FreeIPA
> clients?

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/installing-trust-between-idm-and-ad_installing-identity-management
I always use this:
https://access.redhat.com/webassets/avalon/d/Red_Hat_Enterprise_Linux-8-Installing_Identity_Management-en-US/images/fc93488580ceb829bd9e8bf2379ea978/231_RHEL_troubleshooting_cross-forest_0422_firewall.png
Cheers,
Ronald