Tomas Babej wrote:
On 10/03/2012 03:31 PM, Tomas Babej wrote:
On 10/02/2012 08:48 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 09/26/2012 09:32 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,

The connection error message in ipa-client-install now warns the user
about the need to open port 389 for the directory server.

https://fedorahosted.org/freeipa/ticket/2816

I think this can be pushed as a one-liner.

I think we should list all ports that are required for client
enrollment.

From my calculations we need at a minimum tcp ports 80 and 389, either
or both udp/tcp for port 88 and if NTP is enabled 123 udp for
enrollment alone. The NTP failure won't cause enrollment to fail
though, so we may be able to skip that.

Similarly 464 should be enabled but we don't use it during enrollment.

rob
I improved the error message. Please check if there are any issues.

Thanks

Tomas

This only works if port 389 is blocked, not 88 or 80.

rob
I tested and added the port configuration info message at the appropriate
places for TCP 80, 88, 389 ports. I also added the info message at the end
of installation output. Please consider if you agree with this approach.

Tomas
I reworded the commit message, due to the scope of changes made
since the first revision of the patch.

Tomas

Works a lot better, just a few more suggestions:

1. When we fail to retrieve the CA from the remote server we log it but don't print it. I think this would make it clearer why we think this isn't an IPA server.

2. Do we need to print the ports message at the end? If it gets this far then at least ports 80, 88 and 389 are open.

I would suggest dropping the last message. I think we should also open a new ticket and do port checks on the things we need so we can confirm it up front instead of one-at-a-time.

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
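
Added example, not part of the thread and not FreeIPA's own code: a sketch of the up-front check suggested in the last message, probing the TCP ports the thread names (80, 88, 389) in one pass and reporting every unreachable one in a single message. The function names and the host `ipa.example.test` are assumptions; UDP 88 and 123 are left out because UDP has no handshake to confirm reachability.

```python
import socket
import sys

# TCP ports named in the thread as required during client enrollment.
ENROLLMENT_TCP_PORTS = {80: "HTTP", 88: "Kerberos", 389: "LDAP (directory server)"}


def check_tcp_ports(host, ports, timeout=3.0):
    """Attempt a TCP connect to every port; return {port: None or error text}."""
    results = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = None  # handshake completed, port is reachable
        except OSError as exc:  # refused, timed out, unreachable, DNS failure
            results[port] = str(exc) or exc.__class__.__name__
    return results


def blocked_ports_message(host, results, names=ENROLLMENT_TCP_PORTS):
    """Build one message listing every unreachable port, or '' if all are open."""
    blocked = sorted(p for p, err in results.items() if err is not None)
    if not blocked:
        return ""
    lines = ["Cannot reach %s on the following TCP ports:" % host]
    for port in blocked:
        lines.append("  %d (%s): %s" % (port, names.get(port, "unknown"), results[port]))
    lines.append("Check that these ports are open on the server and on any firewall in between.")
    return "\n".join(lines)


if __name__ == "__main__":
    # ipa.example.test is a placeholder host name (assumption, not from the thread).
    server = sys.argv[1] if len(sys.argv) > 1 else "ipa.example.test"
    msg = blocked_ports_message(server, check_tcp_ports(server, ENROLLMENT_TCP_PORTS))
    print(msg or "TCP ports 80, 88 and 389 are reachable on %s" % server)
    sys.exit(1 if msg else 0)
```

Because all ports are probed before anything is reported, a user behind a restrictive firewall sees the full list once instead of fixing one port per failed run.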
