Does anyone know the current disposition of $subject? The FreeIPA
would seem to indicate this is no longer necessary. Is this "official"
or should we block
just the Win/AD server from these ports?
Alexander Bokovoy and I were working together last Friday on a
cross-realm Kerberos trust
to an AD server (Win2012 R2) and noticed replication was not working
because I had
tcp/389 and tcp/636 REJECT configured on the IdM servers. After removing
everything is working again.
Currently, I still have the rules removed but would like to know whether
to keep them removed
or add them back in but block only the packets from the Win/AD server.
Red Hat Reference Architectures
Follow Us: https://twitter.com/RedHatRefArch
Plus Us: https://plus.google.com/u/0/b/114152126783830728030/
Like Us: https://www.facebook.com/rhrefarch
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project