Samba AD DC Howto 'make over'

Mark Pilant lpilant at us.ibm.com
Mon Jan 21 07:00:07 MST 2013



Hi Ricky.

I took a look at your update, given all my recent interest :-)  In general
it is good.  However I would make the following suggestions:

1)  Add something to say when running with Samba's internal DNS server, the
installer needs to make sure Bind is not installed/enabled on the system.
If Bind is running in addition to Samba's internal DNS server, all manner
of confusion will result.

2)  When running with a firewall, several protocols/ports must be enabled
to allow Samba 4 to operate as expected.  These are:
	o  DNS; port 53
	o  Multicast DNS; port 5353
	o  Samba; ports 139, 445, 137, 138
	o  EPMAP; port 135
	o  LDAP; port 389
	o  Kerberos; port 88
	o  Port 1024
	o  VNC-Server; port 5900 (if VNC is needed for the system running Samba 4)

For krb5.conf, I used the file created as part of the Samba 4 installation;
with the addition of the logging parameters from the original system
Kerberos installation.

These are the changes I found necessary/desirable to successfully build and
install Samba 4 on a RedHat Enterprise Linux 6.3 system, create a domain,
and join a Windows 7 and Windows 8 system to the domain.

- Mark
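
An added example, not part of the original message: a shell check that compares a host's listening sockets with the Samba ports listed in point 2 and flags the BIND/internal-DNS overlap from point 1. The tcp/udp split, the `audit_listeners` and `sample_ss_output` names, and the sample lines are assumptions; port 5900 is left out because the message marks it optional.

```shell
#!/bin/sh
# Added example: audit listening sockets on a Samba 4 AD DC against the port list above.
# Assumption: the tcp/udp split below is not in the message, which gives port numbers only.
REQUIRED="tcp/53 udp/53 udp/5353 udp/137 udp/138 tcp/139 tcp/445 tcp/135 tcp/389 tcp/88 udp/88 tcp/1024"

# Reads `ss -H -tulnp` style lines on stdin and prints one finding per line.
audit_listeners() {
  awk -v required="$REQUIRED" '
    {
      n = split($5, a, ":")              # $5 is local address:port; port is the last piece
      port = a[n]
      seen[$1 "/" port] = 1              # $1 is tcp or udp
      if (port == "53" && $0 ~ /"named"/) named = 1
      if (port == "53" && $0 ~ /"samba"/) samba = 1
    }
    END {
      m = split(required, r, " ")
      for (i = 1; i <= m; i++)
        if (!(r[i] in seen)) print "MISSING " r[i]
      if (named && samba) print "CONFLICT port 53 served by both named and samba"
    }'
}

# Constructed sample input (not captured from a real host).
sample_ss_output() {
  cat <<'EOF'
udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:* users:(("named",pid=811,fd=512))
udp UNCONN 0 0 192.0.2.10:53 0.0.0.0:* users:(("samba",pid=1402,fd=40))
tcp LISTEN 0 10 192.0.2.10:53 0.0.0.0:* users:(("samba",pid=1402,fd=41))
udp UNCONN 0 0 0.0.0.0:137 0.0.0.0:* users:(("samba",pid=1405,fd=20))
udp UNCONN 0 0 0.0.0.0:138 0.0.0.0:* users:(("samba",pid=1405,fd=21))
tcp LISTEN 0 50 0.0.0.0:139 0.0.0.0:* users:(("smbd",pid=1410,fd=35))
tcp LISTEN 0 50 0.0.0.0:445 0.0.0.0:* users:(("smbd",pid=1410,fd=34))
tcp LISTEN 0 10 0.0.0.0:135 0.0.0.0:* users:(("samba",pid=1403,fd=30))
tcp LISTEN 0 10 [::]:389 [::]:* users:(("samba",pid=1404,fd=33))
tcp LISTEN 0 10 0.0.0.0:88 0.0.0.0:* users:(("samba",pid=1406,fd=28))
udp UNCONN 0 0 0.0.0.0:88 0.0.0.0:* users:(("samba",pid=1406,fd=29))
EOF
}

sample_ss_output | audit_listeners   # on a live host: ss -H -tulnp | audit_listeners
```

A MISSING line means nothing is listening on that port, which is separate from whether the firewall permits it; the firewall rules still need their own review.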