I'm hoping this is a firewall issue but I figured I would check just in
case I'm looking in the wrong direction.
I set up a pair of non-CA replicas today and as far as I could tell everything
seemed to be okay, but I noticed that when searching via the web UI on the
new replicas it would take 2 minutes to return information.
In the logs I noticed this timeout error, which is what I assumed was the
culprit:
[Wed Jun 07 14:48:31.155444 2017] [:error] [pid 14384] ipa: ERROR:
ra.find(): Unable to communicate with CMS ([Errno 110] Connection timed out)
I can see in tcpdump connections over ldap and 8080 which should be open
between the two and I wanted to verify if there should be any other ports
open that aren't covered in the install instructions or maybe something I
missed (7389 perhaps because it's 4.x to 3.x communication).
Also I was hoping to cut down traffic across the network since the new
servers are in the EU and the old ones are in the US. Are there any
tips/instructions on doing something like this if it's even possible?
# firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens224
  sources:
  services: dns http https kerberos kpasswd ldap ldaps ntp snmp ssh
Thanks!
--
John Bowman