Hi,

On Thu, Oct 13, 2022 at 11:04 AM iulian roman via FreeIPA-users <[email protected]> wrote:

> Hello everybody,
>
> I have a FreeIPA setup with AD trust which works properly. I recently
> noticed that authentication does not work on some freeipa clients which are
> in a firewalled network. All ports to the FreeIPA servers were allowed in
> the firewall. Checking the logs, I observed that kerberos client on
> freeipa clients does try to connect directly to Active Directory Domain
> Controllers, not only to the KDC in FreeIPA server.
> Can anyone please explain or point to the documentation where it is
> mentioned exactly why do we still need direct connectivity to AD on port 88
> for FreeIPA clients?
>

You can refer to this chapter:
Ports required for communication between IdM and AD [1]
and:
Troubleshooting client access to services in the other forest [2]
which has nice diagrams with the information flow.

HTH,
flo

[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/installing_identity_management/index#ports-required-for-communication-between-idm-and-ad_installing-trust-between-idm-and-ad
[2] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/installing_identity_management/index#assembly_troubleshooting-client-access-to-services-in-the-other-forest_installing-trust-between-idm-and-ad

> Regards,
> iulian
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
