On Thu, Aug 29, 2019 at 11:57 AM lejeczek via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote: > > On 29/08/2019 08:20, Florence Blanc-Renaud wrote: > > On 8/28/19 1:31 PM, lejeczek via FreeIPA-users wrote: > >> hi guys, > >> > >> with IPA replication on a "publicly" exposed network what IPA(and > >> related) services/ports, if any, can be closed? What is that bare > >> minimum that need to stay opened so replication cannot be harmed? > >> > > Hi, > > > > the replication happens on the LDAP port. Please refer to [1] Port > > Requirements for the whole list. > > HTH, > > flo > > > > [1] > > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/installing-ipa#prereq-ports > > > Thus I take it that only LDAP/s ports need to stay opened for > replication to work, rest can be closed. > > If one would wanted to add AD incoming trust, which ports/services must > opened for that, if any?
These are listed in the Windows Integration Guide: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/trust-during#trust-req-ports > many thanks, L. > > >> No IPA clients in traditional sense, except for DNS, on that "public" > >> net. > >> > >> many thanks, L. > >> > >> > >> > >> _______________________________________________ > >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > >> To unsubscribe send an email to > >> freeipa-users-le...@lists.fedorahosted.org > >> Fedora Code of Conduct: > >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > >> List Archives: > >> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > >> > > > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
