Re: [Freeipa-users] Confirming no extra/special ports need to be opened for replication traffic?

2016-12-14 Thread Chris Dagdigian

Much appreciated, thank you!

Martin Babinsky wrote:
> IIRC in IPA v3.0 there was 7389 port used for CA replication, but in
> more recent versions this is not required anymore.


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project


Re: [Freeipa-users] Confirming no extra/special ports need to be opened for replication traffic?

2016-12-14 Thread Martin Babinsky

On 12/14/2016 05:50 PM, Chris Dagdigian wrote:
>
> Been reading various generations of documentation to find out if I need
> additional TCP or UDP ports opened for IPA replication between
> VPN-connected datacenters.
>
> I think the modern answer is no? We just need the standard IPA ports
> open between all of the IPA master/replicas that chat to each other?
>
> TCP Ports:
>   * 80, 443: HTTP/HTTPS
>   * 389, 636: LDAP/LDAPS
>   * 88, 464: kerberos
>   * 53: bind
> UDP Ports:
>   * 88, 464: kerberos
>   * 53: bind
>   * 123: ntp
>
>
> -Chris



Hi Chris,

IIRC in IPA v3.0 there was 7389 port used for CA replication, but in 
more recent versions this is not required anymore.


--
Martin^3 Babinsky
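
Added example, not part of either message above: a check, run from one IPA server against a peer, that the TCP ports listed in the thread are reachable across the VPN. The peer hostname is a placeholder and the function names are this example's own; UDP ports are only listed, because a connect test cannot confirm them.

```python
import socket

# TCP ports from the list in the thread (standard IPA ports between servers).
IPA_TCP_PORTS = {
    80: "HTTP", 443: "HTTPS", 389: "LDAP", 636: "LDAPS",
    88: "kerberos", 464: "kerberos", 53: "bind",
}
# UDP ports from the same list. A connect() cannot prove a UDP port is open,
# so these are reported as "not checked" rather than probed.
IPA_UDP_PORTS = {88: "kerberos", 464: "kerberos", 53: "bind", 123: "ntp"}


def tcp_port_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable, DNS failure
        return False


def check_replica(host, tcp_ports=IPA_TCP_PORTS, timeout=3.0, probe=tcp_port_open):
    """Return {port: (service, reachable)} for every TCP port, in port order."""
    return {port: (name, probe(host, port, timeout))
            for port, name in sorted(tcp_ports.items())}


def blocked_ports(results):
    """Ports from a check_replica() result that could not be reached."""
    return [port for port, (_, ok) in results.items() if not ok]


if __name__ == "__main__":
    import sys
    # Placeholder hostname; pass the real peer as the first argument.
    peer = sys.argv[1] if len(sys.argv) > 1 else "replica.example.test"
    results = check_replica(peer)
    for port, (name, ok) in results.items():
        print(f"tcp/{port:<5} {name:<9} {'open' if ok else 'BLOCKED'}")
    for port, name in sorted(IPA_UDP_PORTS.items()):
        print(f"udp/{port:<5} {name:<9} not checked (verify in firewall rules)")
    sys.exit(1 if blocked_ports(results) else 0)
```

Run it in both directions between each pair of servers; a non-zero exit status means at least one listed TCP port was not reachable.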
