We have quite strict firewalls, so I need to specify the IPA network ports accurately. So, we now have openings for:

80/tcp, 88/tcp, 389/tcp, 443/tcp, 464/tcp, 636/tcp, 88/udp, 464/udp

in to our first IPA server. Now I'm in the process of configuring the first replica. Are there any other ports that need to be opened between ipa master and replica?

We don't serve NTP or DNS from IPA, so I guess these shouldn't be relevant, but I think we want dogtag replicated, so there are maybe some ports for that that need opening?

Or, to put it another way, which of these ports:

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/Preparing_for_an_IPA_Installation.html#prereq-ports

need to be opened between ipa server, which for all clients, which for replica and which for administrative clients?

HTTP/HTTPS -- open for all
LDAP/LDAPS -- open for all
Kerberos -- open for all
OCSP responder -- open for all if we use certs
dogtag 9443 (agents) -- ?
dogtag 9444 (users, SSL) -- ?
dogtag 9445 (administrators) -- ?
dogtag 9446 (users, client authentication) -- ?
dogtag 9701 (Tomcat) -- ?
dogtag 7389 (internal LDAP database) -- ?

-jf