[Freeipa-users] Re: Client install fails with: "Joining realm failed: JSON-RPC call failed: Timeout was reached"

Alexander Bokovoy via FreeIPA-users Sun, 31 Mar 2024 07:45:24 -0700

On Sun, 31 Mar 2024, Antoine Gatineau via FreeIPA-users wrote:

iirc port 80 and 443 are needed. 123 is for ntp so if you don't synctime from the ipa servers you woudl not need that port.
https://access.redhat.com/solutions/357673


Everything is covered in the documentation:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/installing_identity_management/preparing-the-system-for-ipa-server-installation_installing-identity-management#port-requirements-for-idm_preparing-the-system-for-ipa-server-installation

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/installing_identity_management/preparing-the-system-for-ipa-client-installation_installing-identity-management#port-requirements-for-ipa-clients_preparing-the-system-for-ipa-client-installation

It is best to follow the documentation -- take
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9
and check the box 'Identity management' on the left side to limit amount
of books to the topics relevant to identity management. Unfortunately,
currently this documentation site does not allow pre-select the topics.

Another place to look is this old draft I never managed to turn into a
blog or documentation article myself:
https://vda.li/drafts/firewall-considerations.txt

It is still valid.


On 3/29/24 13:13, slek kus via FreeIPA-users wrote:

Hi, not sure what might be an issue. Clients in the same network join just fine.
The failing client is on another network. The following ports have been 
allowed: 53, 389, 636, 88, 464
Saw a list somewhere, mentioning 123, 80 and 443. Are these porst nessecary for 
the client/idm communication?
--
_______________________________________________
FreeIPA-users mailing list --freeipa-users@lists.fedorahosted.org
To unsubscribe send an email tofreeipa-users-le...@lists.fedorahosted.org
Fedora Code of 
Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines
List 
Archives:https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report 
it:https://pagure.io/fedora-infrastructure/new_issue





--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[Freeipa-users] Re: Client install fails with: "Joining realm failed: JSON-RPC call failed: Timeout was reached"

Reply via email to