hi guys,
with IPA replication on a "publicly" exposed network what IPA(and related) services/ports, if any, can be closed? What is that bare minimum that need to stay opened so replication cannot be harmed?
No IPA clients in traditional sense, except for DNS, on that "public" net.
many thanks, L.
On 8/28/19 1:31 PM, lejeczek via FreeIPA-users wrote:
hi guys,
with IPA replication on a "publicly" exposed network what IPA(and related) services/ports, if any, can be closed? What is that bare minimum that need to stay opened so replication cannot be harmed?
Hi,
the replication happens on the LDAP port. Please refer to [1] Port Requirements for the whole list. HTH, flo
[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...
No IPA clients in traditional sense, except for DNS, on that "public" net.
many thanks, L.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
On 29/08/2019 08:20, Florence Blanc-Renaud wrote:
On 8/28/19 1:31 PM, lejeczek via FreeIPA-users wrote:
hi guys,
with IPA replication on a "publicly" exposed network what IPA(and related) services/ports, if any, can be closed? What is that bare minimum that need to stay opened so replication cannot be harmed?
Hi,
the replication happens on the LDAP port. Please refer to [1] Port Requirements for the whole list. HTH, flo
[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...
Thus I take it that only LDAP/s ports need to stay opened for replication to work, rest can be closed.
If one would wanted to add AD incoming trust, which ports/services must opened for that, if any?
many thanks, L.
No IPA clients in traditional sense, except for DNS, on that "public" net.
many thanks, L.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
On Thu, Aug 29, 2019 at 11:57 AM lejeczek via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
On 29/08/2019 08:20, Florence Blanc-Renaud wrote:
On 8/28/19 1:31 PM, lejeczek via FreeIPA-users wrote:
hi guys,
with IPA replication on a "publicly" exposed network what IPA(and related) services/ports, if any, can be closed? What is that bare minimum that need to stay opened so replication cannot be harmed?
Hi,
the replication happens on the LDAP port. Please refer to [1] Port Requirements for the whole list. HTH, flo
[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...
Thus I take it that only LDAP/s ports need to stay opened for replication to work, rest can be closed.
If one would wanted to add AD incoming trust, which ports/services must opened for that, if any?
These are listed in the Windows Integration Guide: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...
many thanks, L.
No IPA clients in traditional sense, except for DNS, on that "public" net.
many thanks, L.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
freeipa-users@lists.fedorahosted.org
-
Florence Blanc-Renaud -
François Cami -
lejeczek