Hello everybody, I have a FreeIPA setup with AD trust which works properly. I recently noticed that authentication does not work on some freeipa clients which are in a firewalled network. All ports to the FreeIPA servers were allowed in the firewall. Checking the logs , I observed that kerberos client on freeipa clients does try to connect directly to Active Directory Domain Controllers , not only to the KDC in FreeIPA server. Can anyone please explain or point to the documentation where it is mentioned exactly why do we still need direct connectivity to AD on port 88 for FreeIPA clients ?
Regards, iulian _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
