Folks,

Does anyone know the current disposition of $subject? The FreeIPA documentation:

http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Firewall_configuration

would seem to indicate this is no longer necessary. Is this "official" or should we block
just the Win/AD server from these ports?

Alexander Bokovoy and I were working together last Friday on a cross-realm Kerberos trust to an AD server (Win2012 R2) and noticed replication was not working because I had tcp/389 and tcp/636 REJECT configured on the IdM servers. After removing the rules
everything is working again.

Currently, I still have the rules removed but would like to know whether to keep them removed
or add them back in but block only the packets from the Win/AD server.

Thanks,

=m



--

Red Hat Reference Architectures

Follow Us: https://twitter.com/RedHatRefArch
Plus Us: https://plus.google.com/u/0/b/114152126783830728030/
Like Us: https://www.facebook.com/rhrefarch

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to