Samba 4.0 AD DC firewall ports
Andriy Shinkarchuck
adriano32.gnu at gmail.com
Fri Dec 28 15:29:26 MST 2012
2012/12/29 Andrew Bartlett <abartlet at samba.org>:
> On Fri, 2012-12-28 at 19:59 +0000, Jon Reeves wrote:
> One warning on trying to pin this down to a static list of ports.
> Samba, like Windows, supports dynamic RPC services. The '1024' above is
> actually a dynamic port, and if something else occupies 1024 for some
> reason, it will be a different port.
>
> We don't just let the kernel allocate it, in the hope that we can grab
> 1024 (we literally walk up from 1024) but it isn't certain.
Andrew, tell please, is it possible to use for that dynamic port
(number 1024) such workaround, that NFS has:
by default NFS server allocates random ports for RPC services, but
these ports can be defined statically with daemon's command line
options (and thus with startup config file)? (see
http://wiki.debian.org/SecuringNFS)
As for me such solution can satisfy both -j ACCEPT and -j REJECT sympathizers.
With best regards,
Andriy Shynkarchuk
More information about the samba-technical
mailing list