On Sun, 31 Mar 2024, Antoine Gatineau via FreeIPA-users wrote:
iirc port 80 and 443 are needed. 123 is for ntp so if you don't sync
time from the ipa servers you would not need that port.
https://access.redhat.com/solutions/357673
Everything is covered in the documentation:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/...
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/...
It is best to follow the documentation -- take
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9
and check the box 'Identity management' on the left side to limit the amount
of books to the topics relevant to identity management. Unfortunately,
currently this documentation site does not allow pre-selecting the topics.
Another place to look is this old draft I never managed to turn into a
blog or documentation article myself:
https://vda.li/drafts/firewall-considerations.txt
It is still valid.
On 3/29/24 13:13, slek kus via FreeIPA-users wrote:
>Hi, not sure what might be an issue. Clients in the same network join just fine.
>The failing client is on another network. The following ports have been allowed: 53, 389, 636, 88, 464
>Saw a list somewhere, mentioning 123, 80 and 443. Are these ports necessary for the client/idm communication?
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
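
Added example, not part of the thread: a TCP reachability check for the ports named above, meant to be run from the client that fails to join. It separates a refused connection from a timeout, since a timeout usually points at a firewall dropping packets between the two networks. The host name `ipa.example.test` is a placeholder and the service labels are the standard assignments for these ports, not something stated in the messages.

```python
import errno
import socket
import sys

# TCP ports named in the thread; labels are the standard service assignments.
IPA_TCP_PORTS = {
    53: "DNS",
    80: "HTTP",
    88: "Kerberos",
    389: "LDAP",
    443: "HTTPS",
    464: "kpasswd",
    636: "LDAPS",
}
# 123 (NTP) is UDP-only; 53, 88 and 464 are also used over UDP.
# A TCP connect cannot prove UDP reachability, so these are only listed.
UDP_NOT_TESTED = (53, 88, 123, 464)


def probe_tcp(host, port, timeout=3.0):
    """Return 'open', 'refused', 'timeout' or 'error:<reason>' for one port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # host answered: no listener, or a REJECT rule
    except socket.timeout:
        return "timeout"   # typical of a firewall silently dropping packets
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, str(exc))


def check_server(host, ports=IPA_TCP_PORTS, timeout=3.0):
    """Probe every port and return {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in sorted(ports)}


def blocked(results):
    """Ports that did not accept a connection."""
    return [port for port, state in results.items() if state != "open"]


if __name__ == "__main__":
    server = sys.argv[1] if len(sys.argv) > 1 else "ipa.example.test"  # placeholder
    results = check_server(server)
    for port, state in results.items():
        print(f"{port:>4}/tcp {IPA_TCP_PORTS[port]:<9} {state}")
    print("UDP not tested:", ", ".join(map(str, UDP_NOT_TESTED)))
    sys.exit(1 if blocked(results) else 0)
```

Run it once from a client that joins and once from the failing one; the ports whose state differs are the ones the path between the networks is filtering.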