On Sun, 31 Mar 2024, Antoine Gatineau via FreeIPA-users wrote:
iirc port 80 and 443 are needed. 123 is for ntp so if you don't sync
time from the ipa servers you woudl not need that port.
https://access.redhat.com/solutions/357673
Everything is covered in the documentation:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/installing_identity_management/preparing-the-system-for-ipa-server-installation_installing-identity-management#port-requirements-for-idm_preparing-the-system-for-ipa-server-installation
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/installing_identity_management/preparing-the-system-for-ipa-client-installation_installing-identity-management#port-requirements-for-ipa-clients_preparing-the-system-for-ipa-client-installation
It is best to follow the documentation -- take
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9
and check the box 'Identity management' on the left side to limit amount
of books to the topics relevant to identity management. Unfortunately,
currently this documentation site does not allow pre-select the topics.
Another place to look is this old draft I never managed to turn into a
blog or documentation article myself:
https://vda.li/drafts/firewall-considerations.txt
It is still valid.
On 3/29/24 13:13, slek kus via FreeIPA-users wrote:
Hi, not sure what might be an issue. Clients in the same network join just fine.
The failing client is on another network. The following ports have been
allowed: 53, 389, 636, 88, 464
Saw a list somewhere, mentioning 123, 80 and 443. Are these porst nessecary for
the client/idm communication?
--
_______________________________________________
FreeIPA-users mailing list --freeipa-users@lists.fedorahosted.org
To unsubscribe send an email tofreeipa-users-le...@lists.fedorahosted.org
Fedora Code of
Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines
List
Archives:https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report
it:https://pagure.io/fedora-infrastructure/new_issue
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue