Does anyone know the current disposition of $subject? The FreeIPA documentation:

would seem to indicate this is no longer necessary. Is this "official" or should we block
just the Win/AD server from these ports?

Alexander Bokovoy and I were working together last Friday on a cross-realm Kerberos trust to an AD server (Win2012 R2) and noticed replication was not working because I had tcp/389 and tcp/636 REJECT configured on the IdM servers. After removing the rules, everything is working again.

Currently, I still have the rules removed but would like to know whether to keep them removed
or add them back in but block only the packets from the Win/AD server.




Red Hat Reference Architectures
