More FreeIPA Updates

freeipa.txt

@@ -1,33 +1,27 @@
-https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/identity_management_guide/index
-https://youtu.be/xzfHRJNjqDI
-https://www.freeipa.org/page/Howto/ISC_DHCPd_and_Dynamic_DNS_update
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/identity_management_guide/index / https://youtu.be/xzfHRJNjqDI / https://www.freeipa.org/page/Howto/ISC_DHCPd_and_Dynamic_DNS_update
 # FreeIPA requires over 2Gb+ in /usr - Change to root, Check DNS
+
 systemd-resolve --status enp1s0
-firewall-cmd --add-service=freeipa-ldap --add-service=freeipa-ldaps
+firewall-cmd --get-active-zones
+firewall-cmd --list-all
 firewall-cmd --add-service=freeipa-ldap --add-service=freeipa-ldaps --permanent
+firewall-cmd --add-port 80/tcp --permanent
+firewall-cmd --add-port 443/tcp --permanent
+firewall-cmd --add-port 389/tcp --permanent
+firewall-cmd --add-port 636/tcp --permanent
+firewall-cmd --add-port 88/tcp --permanent
+firewall-cmd --add-port 464/tcp --permanent
+firewall-cmd --add-port 7389/tcp --permanent
+firewall-cmd --add-port 88/udp --permanent
+firewall-cmd --add-port 464/udp --permanent
+firewall-cmd --add-port 53/udp --permanent
+firewall-cmd --add-port 123/udp --permanent
+firewall-cmd --reload
+firewall-cmd --list-all
+
 dnf install freeipa-server freeipa-server-dns nfs-utils
 ipa-server-install --mkhomedir
 
-Setup complete: Next steps:
-        1. You must make sure these network ports are open:
-                TCP Ports:
-                  * 80, 443: HTTP/HTTPS
-                  * 389, 636: LDAP/LDAPS
-                  * 88, 464: kerberos
-                  * 53: bind
-                  * 7389: Dogtag Certificate System - LDAP
-                UDP Ports:
-                  * 88, 464: kerberos
-                  * 53: bind
-                  * 123: ntp
-        2. You can now obtain a kerberos ticket using the command: 'kinit admin'
-           This ticket will allow you to use the IPA tools (e.g., ipa user-add)
-           and the web user interface.
-Be sure to back up the CA certificates stored in /root/cacert.p12
-These files are required to create replicas. The password for these
-files is the Directory Manager password
-The ipa-server-install command was successful
-
 reboot
 fips-mode-setup --enable
 reboot
@@ -38,7 +32,6 @@ kinit admin
 klist
 
 # REPLICA - Server A can be installed with a CA and DNS services, while Replica A can be based on Server A's configuration but not host either DNS or CA services. Replica B can be added to the domain, also without CA or DNS services. At any time in the future, a CA or DNS service can be created and configured on Replica A or Replica B.
-
 __________________________________________________________
 
 # Setup for client: