Diffstat (limited to 'install/tools/ipa-adtrust-install')
-rwxr-xr-xinstall/tools/ipa-adtrust-install52
1 files changed, 28 insertions, 24 deletions
diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install
index c0b477102..49bcf54e7 100755
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@@ -210,30 +210,34 @@ def main():
netbios_name, options.no_msdcs)
smb.create_instance()
- print "=============================================================================="
- print "Setup complete"
- print ""
- print "\tYou must make sure these network ports are open:"
- print "\t\tTCP Ports:"
- print "\t\t * 138: netbios-dgm"
- print "\t\t * 139: netbios-ssn"
- print "\t\t * 445: microsoft-ds"
- print "\t\tUDP Ports:"
- print "\t\t * 138: netbios-dgm"
- print "\t\t * 139: netbios-ssn"
- print "\t\t * 389: (C)LDAP"
- print "\t\t * 445: microsoft-ds"
- print ""
- print "\tAdditionally you have to make sure the FreeIPA LDAP server cannot be reached"
- print "\tby any domain controller in the Active Directory domain by closing the"
- print "\tfollowing ports for these servers:"
- print "\t\tTCP Ports:"
- print "\t\t * 389, 636: LDAP/LDAPS"
- print "\tYou may want to choose to REJECT the network packets instead of DROPing them"
- print "\tto avoid timeouts on the AD domain controllers."
- print ""
- print "\tWARNING: you MUST re-kinit admin user before using 'ipa trust-*' commands family"
- print "\tin order to re-generate Kerberos tickets to include AD-specific information"
+ print """
+=============================================================================
+Setup complete
+
+You must make sure these network ports are open:
+\tTCP Ports:
+\t * 138: netbios-dgm
+\t * 139: netbios-ssn
+\t * 445: microsoft-ds
+\tUDP Ports:
+\t * 138: netbios-dgm
+\t * 139: netbios-ssn
+\t * 389: (C)LDAP
+\t * 445: microsoft-ds
+
+Additionally you have to make sure the FreeIPA LDAP server is not reachable
+by any domain controller in the Active Directory domain by closing down
+the following ports for these servers:
+\tTCP Ports:
+\t * 389, 636: LDAP/LDAPS
+
+You may want to choose to REJECT the network packets instead of DROPing
+them to avoid timeouts on the AD domain controllers.
+
+=============================================================================
+WARNING: you MUST re-kinit admin user before using 'ipa trust-*' commands
+family in order to re-generate Kerberos tickets to include AD-specific
+information"""
return 0
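Review bot: The firewall guidance in the new string asks for UDP 389 to be open and, one paragraph later, for TCP 389/636 to be closed "for these servers", which is easy to misread as contradictory or as a rule for all clients. A wrong rule here presumably either breaks CLDAP for the trust or leaves the FreeIPA LDAP server reachable from the AD domain controllers, so the scope should be spelled out, e.g. by adding `(block TCP 389/636 only for connections from the AD domain controllers; UDP 389 must stay open)` under the LDAP/LDAPS line. As a style point, the literal begins with a newline right after `print """`, so the banner is now preceded by an extra blank line that the old `print` sequence did not emit. `main()` starts outside this hunk, so only the tail of the function is reviewed here.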