Tomas Babej wrote:
On 10/04/2012 11:06 AM, Tomas Babej wrote:
On 10/03/2012 07:27 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 10/03/2012 03:31 PM, Tomas Babej wrote:
On 10/02/2012 08:48 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 09/26/2012 09:32 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,

Connection error message in ipa-client-install now warns the user
about the need of opening 389 port for directory server.

https://fedorahosted.org/freeipa/ticket/2816

I think this can be pushed as a one-liner.

I think we should list all ports that are required for client
enrollment.

From my calculations we need at a minimum tcp ports 80 and 389,
either
or both udp/tcp for port 88 and if NTP is enabled 123 udp for
enrollment alone. The NTP failure won't cause enrollment to fail
though, so we may be able to skip that.

Similarly 464 should be enabled but we don't use it during
enrollment.

rob
I improved the error message. Please check if there are any issues.

Thanks

Tomas

This only works if port 389 is blocked, not 88 or 80.

rob
I tested and added the port configuration info message at the
appropriate
places for TCP 80, 88, 389 ports. I also added the info message at the
end
of installation output. Please consider if you agree with this
approach.

Tomas
I reworded the commit message, due to the scope of changes made
since the first revision of the patch.

Tomas

Works a lot better, just a few more suggestions:

1. When we fail to retrieve the CA from the remote server we log it
but don't print it. I think this would make it clearer why we think
this isn't an IPA server.

2. Do we need to print the ports message at the end? If it gets this
far then at least ports 80, 88 and 389 are open.

I would suggest dropping the last message. I think we should also
open a new ticket and do port checks on the things we need so we can
confirm it up front instead of one-at-a-time.

rob
1.) Done.
2.) Well I had a feeling it was not really necessary too - it adds a
lot to the output of the installation, but the user wouldn't be
informed about the need of opening 464 port. However, your proposed
ticket should solve this issue, and will give more specific
information rather than a general advice. See more:

https://fedorahosted.org/freeipa/ticket/3138

I suggest opening a similar ticket for ipa-server-install, at the end
we print a general info message about which ports should be open for
IPA Server to work properly. Re-using the work done in ticket 3138, we
could rather check which particular ports are not opened and therefore
give the user more specific information too.

Tomas

Patch now attached, sorry.

Tomas

ACK, pushed to master and ipa-3-0

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to