Hello,
   I've been searching around trying to figure out about the ipv4 vs the
ipv6 interfaces for a freeipa server. According to the instructions I see
that:

FreeIPA uses Samba as part of its Active Directory integration and
Samba *requires enabled IPv6 stack* on the machine.

Adding *ipv6.disable=1* to the kernel commandline disables the whole IPv6
stack and breaks Samba.

Adding *ipv6.disable_ipv6=1* will keep the IPv6 stack functional but will
not assign IPv6 addresses to any of your network devices. This is
recommended approach for cases when you don't use IPv6 networking.


I am only using ipv4 on our network. So I managed to set this up and this
helped remove some of the services that were running on ipv6. I've
configured freeipa server and can verify that the DNS part of the server is
working as I can query it with DIG. I also notice this is working because
bind is listening on the ipv4 and ipv6 interfaces. This is also true for
sshd. It's on both interfaces so I can log in with ssh. I can even (locally
on the ipa server) issue ldapsearch commands against the ldap database. The
problem comes from when I try to add a client or query the server with ldap
commands on another machine. What I suspect is that even though I disabled
ipv6 it looks like the directory server is still ONLY listening on the
ipv6 interface as there isn't anything listed for ipv4. So I suspect this
is why I can't query it remotely as it's only on ipv6.

 netstat -ln

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:8005          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8009          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:749             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:464             0.0.0.0:*               LISTEN
tcp        0      0 <PRIMARYIP>:53        0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:88              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp6       0      0 :::389                  :::*                    LISTEN
tcp6       0      0 :::749                  :::*                    LISTEN
tcp6       0      0 :::464                  :::*                    LISTEN
tcp6       0      0 :::53                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::88                   :::*                    LISTEN
tcp6       0      0 :::636                  :::*                    LISTEN
udp        0      0 <PRIMARYIP>:53        0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 0.0.0.0:88              0.0.0.0:*
udp        0      0 <PRIMARYIP>:123       0.0.0.0:*
udp        0      0 127.0.0.1:123           0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*
udp        0      0 0.0.0.0:27861           0.0.0.0:*
udp        0      0 0.0.0.0:464             0.0.0.0:*
udp6       0      0 :::53734                :::*
udp6       0      0 :::53                   :::*
udp6       0      0 :::123                  :::*
raw6       0      0 :::58                   :::*                    7

This is a CentOS 7 box with freeipa-server-4.1.4-1.el7.centos.x86_64
installed. I tried to find possibly where there might be a setting to tell
the 389 server to listen on ipv4 but I can't seem to figure out how to do
that. Google searches aren't generally coming up with anything real useful
either. Anyone have any ideas on what to do here? Thanks in advance!

-Steve
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
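
An added example (not part of the original post or of FreeIPA): a small Python parser for `netstat -ln` output in the format shown above that labels each TCP port by how its listeners are bound. On Linux a socket bound to `::` also accepts IPv4 connections unless IPV6_V6ONLY is set (system default in net.ipv6.bindv6only), so ports labelled tcp6-wildcard-only call for checking that setting and the firewall before concluding they are unreachable over IPv4. The sample rows, the address 192.0.2.10 and all function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the format of the `netstat -ln` output above;
# 192.0.2.10 is a documentation address standing in for <PRIMARYIP>.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:53           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN
tcp6       0      0 :::389                  :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::53                   :::*                    LISTEN
tcp6       0      0 :::636                  :::*                    LISTEN
udp        0      0 0.0.0.0:88              0.0.0.0:*
"""

def parse_listeners(text):
    """Map port -> {"tcp": {addrs}, "tcp6": {addrs}} for TCP LISTEN rows."""
    table = defaultdict(lambda: {"tcp": set(), "tcp6": set()})
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] not in ("tcp", "tcp6") or f[5] != "LISTEN":
            continue  # header, UDP/raw rows, blank lines
        addr, _, port = f[3].rpartition(":")  # ":::389" -> ("::", "389")
        table[int(port)][f[0]].add(addr)
    return dict(table)

def classify(table):
    """Label each port by how its listeners are bound."""
    labels = {}
    for port, fam in table.items():
        if "0.0.0.0" in fam["tcp"]:
            labels[port] = "ipv4-wildcard"
        elif fam["tcp"]:
            labels[port] = "ipv4-specific"
        elif "::" in fam["tcp6"]:
            labels[port] = "tcp6-wildcard-only"  # dual-stack unless V6ONLY is set
        else:
            labels[port] = "ipv6-specific-only"
    return labels

def bindv6only(path="/proc/sys/net/ipv6/bindv6only"):
    """Return the system default for IPV6_V6ONLY (0 or 1), or None if unreadable."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None

if __name__ == "__main__":
    for port, label in sorted(classify(parse_listeners(SAMPLE)).items()):
        print(port, label)
    print("net.ipv6.bindv6only =", bindv6only())
```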
