On 3.4.2014 07:55, Justin Brown wrote:
> I'm having some trouble determining which ports my servers need open to communicate and what ports client servers and users will need. The last documentation that I was able to find was included in Fedora 15 (http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/installing-ipa.html).
http://www.freeipa.org/page/Documentation is the ultimate source of documentation.
Latest documentation build is on http://www.freeipa.org/docs/master/html-desktop/index.html
> I opened those ports with firewalld, but I encountered errors when joining my replica server. (I retried the replica install with firewalld, and it succeeded, so it's clearly a problem with the firewall settings.) I'm joining the wave of the future, so please excuse the firewalld XML, but it should be pretty obvious. All of the services are built into firewalld, except "dogtag", which I made myself and is defined at the end.
ipa-replica-conncheck utility should tell you what is missing.
> On a side note, it would be nice if the firewalld packagers included a freeipa-server service (nudge nudge).
Patches are welcome :-)
--
Petr^2 Spacek