freeipa-client impact on Pi-Star

General support for the Pi-Star System
n3gwg
Posts: 12
Joined: Fri Sep 22, 2023 3:12 am
Location: Las Vegas, NV, USA

freeipa-client impact on Pi-Star

Post by n3gwg »

Andy, et alia:

If freeipa-client is installed upon Pi-Star 4.2.1, it replaces NTP with ChronyD. Would such a change impact the time announcements or other functions within Pi-Star?

73,
Stuart, N3GWG

Re: freeipa-client impact on Pi-Star

Post by n3gwg »

Andy, et alia:

Well I think I finally got this worked out too!

I installed FreeIPA from the repositories, but had to create the file as follows in order to get the ipa-client-install command to complete properly. I also had to execute the command "sudo mkdir /var/log/sssd".

Although FreeIPA switches over to Chrony for network time services, it seems that the time announcements are still happening properly.

The file name was: /root/ip4v.fw

# FreeIPA Ports that need to be opened:
# 80 tcp (http)
# 443 tcp (https)
## 389 tcp (ldap)
## 636 tcp (ldaps)
# 88 tcp+udp (kerberos)
# 464 tcp+udp (kpasswd)
# 7389 tcp (separate Dogtag instance - used on RHEL 6)
iptables -A OUTPUT -s 192.168.0.0/16 -m state --state NEW -p tcp --dport 389 -j ACCEPT
iptables -A OUTPUT -s 192.168.0.0/16 -m state --state NEW -p tcp --dport 636 -j ACCEPT
iptables -A OUTPUT -s 192.168.0.0/16 -m state --state NEW -p tcp --dport 88 -j ACCEPT
iptables -A OUTPUT -s 192.168.0.0/16 -m state --state NEW -p tcp --dport 464 -j ACCEPT
iptables -A OUTPUT -s 192.168.0.0/16 -m state --state NEW -p tcp --dport 7389 -j ACCEPT

73,
Stuart, N3GWG
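
Added example, not part of the original post: a shell check that compares the port list in the file's comments with the iptables rules that follow it. Run over the file as posted, it reports 80/tcp, 443/tcp, 88/udp and 464/udp as listed but not opened by this file; whether other Pi-Star rules already allow them is not stated in the thread. The names fw_gaps and post_rules are made up for this example.

```shell
# fw_gaps: read a rules file on stdin (or as an argument) and print every
# "port/proto" its comment entries list that no ACCEPT rule in it covers.
fw_gaps() {
    awk '
    /^#+[ \t]*[0-9]+[ \t]+[a-z+]+/ {   # entry like "# 88 tcp+udp (kerberos)"
        line = $0
        sub(/^#+[ \t]*/, "", line)
        split(line, f, /[ \t]+/)       # f[1] = port, f[2] = protocol list
        n = split(f[2], protos, "[+]")
        for (i = 1; i <= n; i++) {
            key = f[1] "/" protos[i]
            if (!(key in want)) { want[key] = 1; order[++cnt] = key }
        }
        next
    }
    /^[ \t]*iptables[ \t]/ {           # rule line: pick out -p, --dport, -j
        proto = ""; port = ""; tgt = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-p")      proto = $(i + 1)
            if ($i == "--dport") port  = $(i + 1)
            if ($i == "-j")      tgt   = $(i + 1)
        }
        if (tgt == "ACCEPT" && proto != "" && port != "") have[port "/" proto] = 1
    }
    END {
        for (i = 1; i <= cnt; i++)
            if (!(order[i] in have)) print order[i]
    }' "$@"
}

# post_rules: the file contents as posted in this thread.
post_rules() {
    cat <<'EOF'
# FreeIPA Ports that need to be opened:
# 80 tcp (http)
# 443 tcp (https)
## 389 tcp (ldap)
## 636 tcp (ldaps)
# 88 tcp+udp (kerberos)
# 464 tcp+udp (kpasswd)
# 7389 tcp (separate Dogtag instance - used on RHEL 6)
iptables -A OUTPUT -s 192.168.0.0/16 -m state --state NEW -p tcp --dport 389 -j ACCEPT
iptables -A OUTPUT -s 192.168.0.0/16 -m state --state NEW -p tcp --dport 636 -j ACCEPT
iptables -A OUTPUT -s 192.168.0.0/16 -m state --state NEW -p tcp --dport 88 -j ACCEPT
iptables -A OUTPUT -s 192.168.0.0/16 -m state --state NEW -p tcp --dport 464 -j ACCEPT
iptables -A OUTPUT -s 192.168.0.0/16 -m state --state NEW -p tcp --dport 7389 -j ACCEPT
EOF
}

post_rules | fw_gaps
```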