This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 1278435 - Incomplete ports for IPA ad-trust
Incomplete ports for IPA ad-trust
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: doc-Windows_Integration_Guide (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Marc Muehlfeld
Kaushik Banerjee
: Documentation
Depends On: 1275816
  Show dependency treegraph
Reported: 2015-11-05 08:28 EST by Petr Vobornik
Modified: 2016-06-10 07:55 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1275816
Last Closed: 2016-06-10 07:55:59 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Comment 1 Petr Vobornik 2015-11-05 08:31:29 EST
Related part of ipa-adtrust-manual page after a fix:

Firewall Requirements
       In addition to the IPA server firewall requirements, ipa-adtrust-install requires the following ports to be open to allow IPA and Active Directory to communicate together:

       TCP Ports
              · 135/tcp EPMAP
              · 138/tcp NetBIOS-DGM
              · 139/tcp NetBIOS-SSN
              · 445/tcp Microsoft-DS
              · 1024/tcp through 1300/tcp to allow EPMAP on port 135/tcp to create a TCP listener based on an incoming request.

       UDP Ports
              · 138/udp NetBIOS-DGM
              · 139/udp NetBIOS-SSN
              · 389/udp LDAP
Comment 3 Marc Muehlfeld 2016-05-02 02:34:09 EDT
I added 135/tcp and 1024-1030/tcp to "Table 5.1. Ports Required for a Trust" and in step 2 of "Opening the Required Ports" to the firewall-cmd command.
Comment 5 Petr Vobornik 2016-05-13 06:18:38 EDT
Hi Marc, the upper value of the range is incorrect, it should 1300 instead of 1030.
Comment 6 Marc Muehlfeld 2016-05-13 06:56:27 EDT
I fixed the upper value of the port range.
Comment 7 Aneta Šteflová Petrová 2016-06-10 07:55:59 EDT
Published in an asynchronous update.

Note You need to log in before you can comment on or make changes to this bug.