Andy, et alia:
If freeipa-client is installed upon Pi-Star 4.2.1, it replaces NTP with ChronyD. Would such a change impact the time announcements or other functions within Pi-Star?
73,
Stuart, N3GWG
freeipa-client impact on Pi-Star
Re: freeipa-client impact on Pi-Star
Andy, et alia:
Well, I think I finally got this worked out too!
I installed FreeIPA from the repositories, but had to create the directory and add the file as follows hereupon in order to get the ipa-client-install command to complete properly.
Despite the fact that FreeIPA switches over to Chrony for network time services, it also seems that the time announcements are still happening properly.
1) sudo mkdir -pv /var/log/sssd
2) created /root/ip4v.fw, with the content as follows hereupon:
# FreeIPA Ports that need to be opened:
# 80 tcp (http)
# 443 tcp (https)
## 389 tcp (ldap)
## 636 tcp (ldaps)
# 88 tcp+udp (kerberos)
# 464 tcp+udp (kpasswd)
# 7389 tcp (separate Dogtag instance - used on RHEL 6)
iptables -A OUTPUT -s 192.168.0.0/16 -m state --state NEW -p tcp --dport 389 -j ACCEPT
iptables -A OUTPUT -s 192.168.0.0/16 -m state --state NEW -p tcp --dport 636 -j ACCEPT
iptables -A OUTPUT -s 192.168.0.0/16 -m state --state NEW -p tcp --dport 88 -j ACCEPT
iptables -A OUTPUT -s 192.168.0.0/16 -m state --state NEW -p tcp --dport 464 -j ACCEPT
iptables -A OUTPUT -s 192.168.0.0/16 -m state --state NEW -p tcp --dport 7389 -j ACCEPT
73,
Stuart, N3GWG