Finally found the issue: I allowed UDP in addition to TCP and the services started to work!
Hope this helps someone else.
Azure AD Domain Services and Linux IPtables
Hello,
I am trying to allow Azure AD DS services for group and user information through the Linux firewall (iptables), using the SSSD service. When iptables is turned off everything works as expected. I have allowed the incoming and outgoing traffic to the AD DS servers' IP addresses, but the information is not getting updated and the SSSD service reports "backend offline". Has anyone worked with iptables, SSSD and AD DS?
I feel I am missing something simple. Below is my iptables configuration; where it says AD_DS_IPADDRESS, that is the removed (redacted) IP address of the two Azure AD DS servers.
```
iptables -L
Chain INPUT (policy DROP)
target     prot opt source           destination
ACCEPT     tcp  --  AD_DS_IPADDRESS  anywhere
ACCEPT     tcp  --  AD_DS_IPADDRESS  anywhere

Chain OUTPUT (policy DROP)
target     prot opt source           destination
ACCEPT     tcp  --  anywhere         AD_DS_IPADDRESS
ACCEPT     tcp  --  anywhere         AD_DS_IPADDRESS
```
3 answers
mmac 51 Reputation points
2022-11-29T17:11:42.56+00:00

mmac 51 Reputation points
2022-09-07T12:43:47.87+00:00
No, that article did not help.

Carlos Solís Salazar 16,611 Reputation points
2022-09-05T12:57:05.173+00:00
Hi @mmac
Thank you for asking this question on the **Microsoft Q&A Platform**.
Please review the Virtual network design considerations and configuration options for Azure Active Directory Domain Services documentation.
Hope this helps,
----------
Accept Answer and Upvote if any of the above helped, so this thread can help others in the community looking for remediation for similar issues.
NOTE: To answer you as quickly as possible, please mention me in your reply.
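The resolution at the top of the thread (allow UDP as well as TCP) can be expressed as a concrete rule set. The script below is an added example written for this page; it is not code from the original question or answers. It assumes two placeholder AD DS addresses (10.0.0.4 and 10.0.0.5, constructed here) and the standard AD client ports (DNS 53, Kerberos 88, kpasswd 464, LDAP 389/636, Global Catalog 3268/3269, SMB 445, NTP 123), which the thread itself does not list. Unlike the posted configuration it restricts rules to those ports and adds a conntrack state rule, so replies to allowed outbound traffic are accepted on the INPUT chain instead of relying on a blanket per-host ACCEPT. It prints the rules by default and only applies them when run as root with APPLY=1.

```shell
#!/bin/sh
# Added example (not from the original thread): generate iptables rules that
# let SSSD reach Azure AD DS over both TCP and UDP, limited to the ports an
# AD client needs. The addresses are constructed placeholders; replace them
# with the two AD DS IPs shown for the managed domain (assumption).
ADDS_IPS="${ADDS_IPS:-10.0.0.4 10.0.0.5}"

# Ports used by an AD client (assumed standard values, not taken from the thread):
# DNS 53, Kerberos 88, kpasswd 464, LDAP 389, LDAPS 636, Global Catalog 3268/3269,
# SMB 445 (sysvol/GPO). NTP 123 is UDP only; clock skew breaks Kerberos.
# DNS SRV lookups and the initial Kerberos exchange default to UDP, which is
# why TCP-only rules leave the SSSD backend offline.
TCP_PORTS="53 88 389 445 464 636 3268 3269"
UDP_PORTS="53 88 123 389 464"

# gen_adds_rules IP: print the OUTPUT rules for one AD DS address.
gen_adds_rules() {
    ip="$1"
    for p in $TCP_PORTS; do
        echo "iptables -A OUTPUT -p tcp -d $ip --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $UDP_PORTS; do
        echo "iptables -A OUTPUT -p udp -d $ip --dport $p -j ACCEPT"
    done
}

# gen_all_rules: full rule set. The state rules are what the posted
# configuration lacked: with policy DROP on INPUT, replies to an allowed
# outbound packet must be matched explicitly.
gen_all_rules() {
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    for ip in $ADDS_IPS; do
        gen_adds_rules "$ip"
    done
}

# count_rules PROTO: number of generated rules for tcp or udp (sanity check
# that the UDP half was not forgotten).
count_rules() {
    gen_all_rules | grep -c -- "-p $1 "
}

# Dry run by default; APPLY=1 (as root) pipes the commands into a shell.
if [ "${APPLY:-0}" = "1" ]; then
    gen_all_rules | sh
else
    gen_all_rules
fi
```

After applying, check with `iptables -S OUTPUT` rather than `iptables -L`: the `-S` form prints each rule as the command that created it, so the protocol and port of every rule are visible, and a chain with only `-p tcp` lines is the symptom from the question. Then restart sssd and confirm the domain is online with `sssctl domain-status <domain>` (from sssd-tools).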