Samba 4.0 AD DC firewall ports
Andrew Bartlett
abartlet at samba.org
Fri Dec 28 20:14:12 MST 2012
On Sat, 2012-12-29 at 00:29 +0200, Andriy Shinkarchuck wrote:
> 2012/12/29 Andrew Bartlett <abartlet at samba.org>:
> > On Fri, 2012-12-28 at 19:59 +0000, Jon Reeves wrote:
> > One warning on trying to pin this down to a static list of ports.
> > Samba, like Windows, supports dynamic RPC services. The '1024' above is
> > actually a dynamic port, and if something else occupies 1024 for some
> > reason, it will be a different port.
> >
> > We don't just let the kernel allocate it, in the hope that we can grab
> > 1024 (we literally walk up from 1024) but it isn't certain.
>
> Andrew, tell please, is it possible to use for that dynamic port
> (number 1024) such workaround, that NFS has:
> by default NFS server allocates random ports for RPC services, but
> these ports can be defined statically with daemon's command line
> options (and thus with startup config file)? (see
> http://wiki.debian.org/SecuringNFS)
Patches are welcome, but currently the code doesn't support this.
I agree it would be useful to be able to pin this down.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list