Auth question.
Christopher R. Hertel
crh at ubiqx.mn.org
Wed Jan 22 19:11:22 GMT 2003
On Wed, Jan 22, 2003 at 06:14:49AM -0500, Ken Cross wrote:
> I'm pretty sure that Kerberos uses port 88, but that's just for
> authentication. Port 445 is used for connecting to shares.
>
> We've been running tests blocking ports. With ports 137 - 139 and 445
> blocked for UDP and TCP, the join fails but the computer name is still
> entered in the AD. With just ports 137 - 139 blocked (445 enabled), the
> join succeeds and all client share operations seem to function correctly
> as long as there is no NetBIOS name resolution involved.
>
> Hope this helps.
Thanks, Ken, but it's not really what I'm trying to figure out. The
problem, though, is in my presentation of the question.
More...
On Wed, Jan 22, 2003 at 02:26:43PM +0000, Andrew Bartlett wrote:
> On Wed, Jan 22, 2003 at 12:41:34AM -0600, Christopher R. Hertel wrote:
> > So, unless I'm totally insane, the likelihood of Kerberos auth being
> > used over port 139 is low.
>
> Samba 3.0 listening on 139 only. This can and does happen. Firewall
> rules, or anything else that makes the 445 connect fail. I would not
> attempt to draw this genralisation in a published work ;-)
What I am trying to do is understand the relationship between the
different authentication types and the different transports. It's not the
ports, per. se., that I'm interested in (139 vs. 445), but the
relationship between the different implementations and the different auth
types.
More information about the samba-technical
mailing list