Diffstat (limited to 'install/tools/ipa-adtrust-install')
-rwxr-xr-x | install/tools/ipa-adtrust-install | 52 |
1 files changed, 28 insertions, 24 deletions
diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install
index c0b477102..49bcf54e7 100755
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@@ -210,30 +210,34 @@ def main():
 netbios_name, options.no_msdcs)
 smb.create_instance()
- print "=============================================================================="
- print "Setup complete"
- print ""
- print "\tYou must make sure these network ports are open:"
- print "\t\tTCP Ports:"
- print "\t\t * 138: netbios-dgm"
- print "\t\t * 139: netbios-ssn"
- print "\t\t * 445: microsoft-ds"
- print "\t\tUDP Ports:"
- print "\t\t * 138: netbios-dgm"
- print "\t\t * 139: netbios-ssn"
- print "\t\t * 389: (C)LDAP"
- print "\t\t * 445: microsoft-ds"
- print ""
- print "\tAdditionally you have to make sure the FreeIPA LDAP server cannot be reached"
- print "\tby any domain controller in the Active Directory domain by closing the"
- print "\tfollowing ports for these servers:"
- print "\t\tTCP Ports:"
- print "\t\t * 389, 636: LDAP/LDAPS"
- print "\tYou may want to choose to REJECT the network packets instead of DROPing them"
- print "\tto avoid timeouts on the AD domain controllers."
- print ""
- print "\tWARNING: you MUST re-kinit admin user before using 'ipa trust-*' commands family"
- print "\tin order to re-generate Kerberos tickets to include AD-specific information"
+ print """
+=============================================================================
+Setup complete
+
+You must make sure these network ports are open:
+\tTCP Ports:
+\t * 138: netbios-dgm
+\t * 139: netbios-ssn
+\t * 445: microsoft-ds
+\tUDP Ports:
+\t * 138: netbios-dgm
+\t * 139: netbios-ssn
+\t * 389: (C)LDAP
+\t * 445: microsoft-ds
+
+Additionally you have to make sure the FreeIPA LDAP server is not reachable
+by any domain controller in the Active Directory domain by closing down
+the following ports for these servers:
+\tTCP Ports:
+\t * 389, 636: LDAP/LDAPS
+
+You may want to choose to REJECT the network packets instead of DROPing
+them to avoid timeouts on the AD domain controllers.
+
+=============================================================================
+WARNING: you MUST re-kinit admin user before using 'ipa trust-*' commands
+family in order to re-generate Kerberos tickets to include AD-specific
+information"""
 return 0 |
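Review bot: The reworded firewall paragraph in the new banner still says to close TCP 389/636 "for these servers" without saying where the rule belongs or which sources it covers, so an operator could read it as closing LDAP on the IPA host for everyone. A wording such as `by blocking the following ports on this server for connections coming from those domain controllers:` would make the intended scope explicit. The port list itself is carried over unchanged, and it may be worth confirming that TCP 138 and UDP 139/445 are really required, since netbios-dgm is normally UDP-only and netbios-ssn/microsoft-ds TCP-only, and the banner should not ask admins to open more than is needed. main() begins and ends outside this hunk.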