Hi, On Fri, Jun 28, 2024 at 4:58 PM slek kus via FreeIPA-users < [email protected]> wrote:
> After some more searching, I see that the client contacts the AD domain > controller, asking for AAA record, then connects to the AD forest > controller, which is _not_ reachable due to firewall filters. > Does ipa-client always need to contact the root DC for a krb ticket (guess > this is what is attempted here)? > You can refer to https://docs.redhat.com/en/documentation/Red_Hat_Enterprise_Linux/9/html/installing_trust_between_idm_and_ad/ports-required-for-communication-between-idm-and-ad_installing-trust-between-idm-and-ad#ports-required-for-communication-between-idm-and-ad_installing-trust-between-idm-and-ad especially the diagram showing communication sent by IdM clients, and https://docs.redhat.com/en/documentation/Red_Hat_Enterprise_Linux/9/html/installing_trust_between_idm_and_ad/assembly_troubleshooting-client-access-to-services-in-the-other-forest_installing-trust-between-idm-and-ad#ref_flow-of-information-when-an-idm-client-requests-services-from-an-ad-server_assembly_troubleshooting-client-access-to-services-in-the-other-forest HTH, flo > -- > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
