Bug 1278435 - Incomplete ports for IPA ad-trust
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: doc-Windows_Integration_Guide
Version: 7.2
Assigned To: Marc Muehlfeld
Kaushik Banerjee
Keywords: Documentation
Depends On: 1275816
Reported: 2015-11-05 08:28 EST by Petr Vobornik
Modified: 2016-06-10 07:55 EDT
Doc Type: Bug Fix
Clone Of: 1275816
Last Closed: 2016-06-10 07:55:59 EDT
Type: Bug
Comment 1 Petr Vobornik 2015-11-05 08:31:29 EST
Related part of ipa-adtrust-manual page after a fix:

Firewall Requirements
       In addition to the IPA server firewall requirements, ipa-adtrust-install requires the following ports to be open to allow IPA and Active Directory to communicate together:

       TCP Ports
              · 135/tcp EPMAP
              · 138/tcp NetBIOS-DGM
              · 139/tcp NetBIOS-SSN
              · 445/tcp Microsoft-DS
              · 1024/tcp through 1300/tcp to allow EPMAP on port 135/tcp to create a TCP listener based on an incoming request.

       UDP Ports
              · 138/udp NetBIOS-DGM
              · 139/udp NetBIOS-SSN
              · 389/udp LDAP
Comment 3 Marc Muehlfeld 2016-05-02 02:34:09 EDT
I added 135/tcp and 1024-1030/tcp to "Table 5.1. Ports Required for a Trust" and in step 2 of "Opening the Required Ports" to the firewall-cmd command.
Comment 5 Petr Vobornik 2016-05-13 06:18:38 EDT
Hi Marc, the upper value of the range is incorrect; it should be 1300 instead of 1030.

https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a566657f9d73a01b08017d251c4a0776d46265e2
https://www.redhat.com/archives/freeipa-devel/2015-October/msg00493.html
Comment 6 Marc Muehlfeld 2016-05-13 06:56:27 EDT
I fixed the upper value of the port range.
Comment 7 Aneta Šteflová Petrová 2016-06-10 07:55:59 EDT
Published in an asynchronous update.
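
The port-range discrepancy raised in comments 3 to 6 can be caught mechanically. The following is an added example, not part of this bug report or of FreeIPA: it compares a port list in the format printed by `firewall-cmd --list-ports` against the ports from the man page excerpt in comment 1. The names `REQUIRED`, `covered` and `missing_ports` are hypothetical, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: report which ad-trust ports from the man page excerpt in
# comment 1 are not fully covered by a firewalld-style port list.

# Required ports, copied from the ipa-adtrust-install excerpt (comment 1).
REQUIRED="135/tcp 138/tcp 139/tcp 445/tcp 1024-1300/tcp 138/udp 139/udp 389/udp"

# covered LO HI PROTO LIST
# Succeeds only if every port LO..HI for PROTO falls inside some entry of LIST.
# Entries may be single ports (445/tcp) or ranges (1024-1300/tcp); coverage
# may be assembled from several adjacent or overlapping ranges.
covered() (
    p=$1
    while [ "$p" -le "$2" ]; do
        hit=0
        for entry in $4; do
            [ "${entry##*/}" = "$3" ] || continue   # wrong protocol
            range=${entry%/*}
            if [ "$p" -ge "${range%-*}" ] && [ "$p" -le "${range#*-}" ]; then
                hit=1
                break
            fi
        done
        [ "$hit" -eq 1 ] || exit 1                  # first gap found
        p=$((p + 1))
    done
)

# missing_ports LIST
# Prints each required entry that LIST does not fully cover, one per line.
missing_ports() (
    for req in $REQUIRED; do
        range=${req%/*}
        covered "${range%-*}" "${range#*-}" "${req##*/}" "$1" || echo "$req"
    done
)

# Constructed sample: a port list using the 1024-1030 range from comment 3.
SAMPLE="135/tcp 138/tcp 139/tcp 445/tcp 1024-1030/tcp 138/udp 139/udp 389/udp"
missing_ports "$SAMPLE"

# On a live host (assumption: firewalld is in use). Ports opened through
# --add-service do not appear in --list-ports and would be reported as missing:
#   missing_ports "$(firewall-cmd --list-ports)"
```

The check covers only the additional ad-trust ports listed in comment 1; the IPA server firewall requirements the excerpt refers to are separate.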