Bug 1278435

Summary: Incomplete ports for IPA ad-trust
Product: Red Hat Enterprise Linux 7
Component: doc-Windows_Integration_Guide
Version: 7.2
Status: CLOSED CURRENTRELEASE
Severity: unspecified
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Keywords: Documentation
Reporter: Petr Vobornik <pvoborni>
Assignee: Marc Muehlfeld <mmuehlfe>
QA Contact: Kaushik Banerjee <kbanerje>
CC: abokovoy, apetrova, ckyriaki, ipa-maint, mmuehlfe, nsoman, pvoborni, rcritten, rhel-docs
Doc Type: Bug Fix
Type: Bug
Clone Of: 1275816
Bug Depends On: 1275816
Last Closed: 2016-06-10 11:55:59 UTC

Comment 1 Petr Vobornik 2015-11-05 13:31:29 UTC
Related part of ipa-adtrust-manual page after a fix:

Firewall Requirements
       In addition to the IPA server firewall requirements, ipa-adtrust-install requires the following ports to be open to allow IPA and Active Directory to communicate together:

       TCP Ports
              · 135/tcp EPMAP
              · 138/tcp NetBIOS-DGM
              · 139/tcp NetBIOS-SSN
              · 445/tcp Microsoft-DS
              · 1024/tcp through 1300/tcp to allow EPMAP on port 135/tcp to create a TCP listener based on an incoming request.

       UDP Ports
              · 138/udp NetBIOS-DGM
              · 139/udp NetBIOS-SSN
              · 389/udp LDAP

Comment 3 Marc Muehlfeld 2016-05-02 06:34:09 UTC
I added 135/tcp and 1024-1030/tcp to "Table 5.1. Ports Required for a Trust" and in step 2 of "Opening the Required Ports" to the firewall-cmd command.

Comment 5 Petr Vobornik 2016-05-13 10:18:38 UTC
Hi Marc, the upper value of the range is incorrect; it should be 1300 instead of 1030.

https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a566657f9d73a01b08017d251c4a0776d46265e2
https://www.redhat.com/archives/freeipa-devel/2015-October/msg00493.html

Comment 6 Marc Muehlfeld 2016-05-13 10:56:27 UTC
I fixed the upper value of the port range.

Comment 7 Aneta Šteflová Petrová 2016-06-10 11:55:59 UTC
Published in an asynchronous update.
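
The port list in Comment 1 and the range correction in Comments 5 and 6 can be checked mechanically. The following is an added example, not part of the bug report or of FreeIPA: a POSIX shell function that compares a list of open ports against the required list and reports what is not covered. The names `missing_ports`, `REQUIRED` and `SAMPLE_1030` are hypothetical, and firewalld is assumed for the live-host usage.

```shell
#!/bin/sh
# Added example (not from the bug report or FreeIPA): report which required
# ad-trust ports a set of open firewall ports fails to cover.

# Required ports as listed in the man page excerpt in Comment 1.
REQUIRED="135/tcp 138/tcp 139/tcp 445/tcp 1024-1300/tcp 138/udp 139/udp 389/udp"

# missing_ports "LIST": LIST is space-separated port[-port]/proto entries, the
# format printed by `firewall-cmd --list-ports`. Prints each required entry
# that is not fully covered, from its first uncovered port to its upper bound.
# Runs in a subshell ( ... ) so its variables stay local.
missing_ports() (
    missing=""
    for req in $REQUIRED; do
        proto=${req#*/}; range=${req%/*}
        lo=${range%-*}; hi=${range#*-}      # a single port gives lo == hi
        next=$lo; progressed=1
        # Advance "next" past every open entry that contains it, so a range
        # opened in several adjacent pieces still counts as covered.
        while [ "$next" -le "$hi" ] && [ "$progressed" -eq 1 ]; do
            progressed=0
            for entry in $1; do
                [ "${entry#*/}" = "$proto" ] || continue
                range=${entry%/*}; elo=${range%-*}; ehi=${range#*-}
                if [ "$elo" -le "$next" ] && [ "$next" -le "$ehi" ]; then
                    next=$((ehi + 1)); progressed=1
                fi
            done
        done
        if [ "$next" -le "$hi" ]; then
            if [ "$next" -eq "$hi" ]; then gap=$hi; else gap="$next-$hi"; fi
            missing="$missing $gap/$proto"
        fi
    done
    echo "${missing# }"
)

# Constructed sample: the required list with the upper bound 1030 that
# Comment 5 flags as incorrect.
SAMPLE_1030="135/tcp 138/tcp 139/tcp 445/tcp 1024-1030/tcp 138/udp 139/udp 389/udp"
missing_ports "$SAMPLE_1030"

# On a live host (firewalld assumed):
#   missing_ports "$(firewall-cmd --list-ports)"
```

`firewall-cmd --list-ports` shows only ports added individually, so ports opened through a firewalld service definition will be reported as missing by this check.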