Folks,
Does anyone know the current disposition of $subject? The FreeIPA
documentation:
http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Firewall_configuration
would seem to indicate this is no longer necessary. Is this "official"
or should we block
just the Win/AD server from these ports?
Alexander Bokovoy and I were working together last Friday on a
cross-realm Kerberos trust
to an AD server (Win2012 R2) and noticed replication was not working
because I had
tcp/389 and tcp/636 REJECT configured on the IdM servers. After removing
the rules
everything is working again.
Currently, I still have the rules removed but would like to know whether
to keep them removed
or add them back in but block only the packets from the Win/AD server.
Thanks,
=m
--
Red Hat Reference Architectures
Follow Us: https://twitter.com/RedHatRefArch
Plus Us: https://plus.google.com/u/0/b/114152126783830728030/
Like Us: https://www.facebook.com/rhrefarch
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
