diff options
| -rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 20 | ||||
| -rw-r--r-- | ipa-client/ipaclient/ipadiscovery.py | 1 |
2 files changed, 19 insertions, 2 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 7b057a987..8181e5a19 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -1250,6 +1250,17 @@ def update_ssh_keys(server, hostname, ssh_dir, create_sshfp): if not do_nsupdate(update_txt): root_logger.warning("Could not update DNS SSHFP records.") +def print_port_conf_info(): + root_logger.info( + "Please make sure the following ports are opened " + "in the firewall settings:\n" + " TCP: 80, 88, 389\n" + " UDP: 88 (at least one of TCP/UDP ports 88 has to be open)\n" + "Also note that following ports are necessary for ipa-client " + "working properly after enrollment:\n" + " TCP: 464\n" + " UDP: 464, 123 (if NTP enabled)") + def install(options, env, fstore, statestore): dnsok = False @@ -1379,6 +1390,7 @@ def install(options, env, fstore, statestore): if ret == ipadiscovery.NOT_IPA_SERVER: root_logger.error("%s is not an IPA v2 Server.", cli_server[0]) + print_port_conf_info() root_logger.debug("(%s: %s)", cli_server[0], cli_server_source) return CLIENT_INSTALL_ERROR @@ -1392,8 +1404,9 @@ def install(options, env, fstore, statestore): if ret != 0: root_logger.error("Failed to verify that %s is an IPA Server.", cli_server[0]) - root_logger.error("This may mean that the remote server is not up " + + root_logger.error("This may mean that the remote server is not up " "or is not reachable due to network or firewall settings.") + print_port_conf_info() root_logger.debug("(%s: %s)", cli_server[0], cli_server_source) return CLIENT_INSTALL_ERROR @@ -1442,6 +1455,7 @@ def install(options, env, fstore, statestore): ret = ds.search(domain=cli_domain, server=server, hostname=hostname) if ret == ipadiscovery.NOT_IPA_SERVER: root_logger.error("%s is not an IPA v2 Server.", server) + print_port_conf_info() root_logger.debug("(%s: %s)", server, cli_server_source) return CLIENT_INSTALL_ERROR @@ -1521,7 +1535,8 @@ def install(options, env, fstore, statestore): synced_ntp = ipaclient.ntpconf.synconce_ntp(cli_server[0]) if not synced_ntp: root_logger.warning("Unable to sync time with IPA NTP " + - "server, assuming the time is in sync.") + "server, assuming the time is in sync. Please check " + + "that 123 UDP port is opened.") (krb_fd, krb_name) = tempfile.mkstemp() os.close(krb_fd) if configure_krb5_conf( @@ -1575,6 +1590,7 @@ def install(options, env, fstore, statestore): if returncode != 0: root_logger.error("Kerberos authentication failed") root_logger.info("%s", stdout) + print_port_conf_info() return CLIENT_INSTALL_ERROR elif options.password: nolog = (options.password,) diff --git a/ipa-client/ipaclient/ipadiscovery.py b/ipa-client/ipaclient/ipadiscovery.py index f91d4075a..63acf6200 100644 --- a/ipa-client/ipaclient/ipadiscovery.py +++ b/ipa-client/ipaclient/ipadiscovery.py @@ -290,6 +290,7 @@ class IPADiscovery(object): run(["/usr/bin/wget", "-O", "%s/ca.crt" % temp_ca_dir, "-T", "15", "-t", "2", "http://%s/ipa/config/ca.crt" % format_netloc(thost)]) except CalledProcessError, e: + root_logger.error('Retrieving CA from %s failed', thost) root_logger.debug('Retrieving CA from %s failed: %s', thost, str(e)) return [NOT_IPA_SERVER] |