From e76e86656ae5c8f5e59a340e1ab4f9d107af7916 Mon Sep 17 00:00:00 2001 From: Gabe Date: Nov 05 2015 10:09:51 +0000 Subject: Incomplete ports for IPA AD Trust - Add subsection to ipa-adtrust-install man page - Update port information in ipa-adtrust-install https://fedorahosted.org/freeipa/ticket/5414 Reviewed-By: Alexander Bokovoy --- diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install index 21e58dd..d2cec17 100755 --- a/install/tools/ipa-adtrust-install +++ b/install/tools/ipa-adtrust-install @@ -467,15 +467,19 @@ Setup complete You must make sure these network ports are open: \tTCP Ports: +\t * 135: epmap \t * 138: netbios-dgm \t * 139: netbios-ssn \t * 445: microsoft-ds +\t * 1024..1300: epmap listener range \tUDP Ports: \t * 138: netbios-dgm \t * 139: netbios-ssn \t * 389: (C)LDAP \t * 445: microsoft-ds +See the ipa-adtrust-install(1) man page for more details + ============================================================================= """ if admin_password: diff --git a/install/tools/man/ipa-adtrust-install.1 b/install/tools/man/ipa-adtrust-install.1 index 2658f19..21b724c 100644 --- a/install/tools/man/ipa-adtrust-install.1 +++ b/install/tools/man/ipa-adtrust-install.1 
@@ -36,6 +36,31 @@ configuration of the local range cannot be changed by running ipa\-adtrust\-install a second time because with changes here other objects might be affected as well. +.SS "Firewall Requirements" +In addition to the IPA server firewall requirements, ipa\-adtrust\-install requires +the following ports to be open to allow IPA and Active Directory to communicate together: + +\fBTCP Ports\fR +.IP +\(bu 135/tcp EPMAP +.IP +\(bu 138/tcp NetBIOS-DGM +.IP +\(bu 139/tcp NetBIOS-SSN +.IP +\(bu 445/tcp Microsoft-DS +.IP +\(bu 1024/tcp through 1300/tcp to allow EPMAP on port 135/tcp to create a TCP listener based +on an incoming request. +.TP +\fBUDP Ports\fR +.IP +\(bu 138/udp NetBIOS-DGM +.IP +\(bu 139/udp NetBIOS-SSN +.IP +\(bu 389/udp LDAP + .SH "OPTIONS" .TP \fB\-d\fR, \fB\-\-debug\fR
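Review bot: In the install/tools/ipa-adtrust-install hunk, the UDP list in the "Setup complete" text still carries "445: microsoft-ds", while the man page section added by this same patch lists only 138/udp, 139/udp and 389/udp. The new line "See the ipa-adtrust-install(1) man page for more details" sends administrators to that page, so the two lists should agree: either drop 445 from the UDP list here or add 445/udp to the man page. The same goes for "389: (C)LDAP" here versus "389/udp LDAP" there; pick one label and use it in both places.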
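Review bot: In the install/tools/man/ipa-adtrust-install.1 hunk, the two port lists are marked up differently: "\fBTCP Ports\fR" is a plain text line, while "\fBUDP Ports\fR" is preceded by ".TP", so the two headings will not render the same way. Use the same macro for both. Separately, the section says the ports must be open "to allow IPA and Active Directory to communicate together" but does not say which peers need to reach them, and the 1024/tcp through 1300/tcp item is a wide range to open. Consider adding a sentence that states which hosts need access (for example, the Active Directory domain controllers of the trusted domain) so that readers do not open these ports to all sources.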