Samba AD DC Howto 'make over'
Mark Pilant
lpilant at us.ibm.com
Mon Jan 21 07:00:07 MST 2013
Hi Ricky.
I took a look at your update, given all my recent interest :-) In general
it is good. However I would make the following suggestions:
1) Add something to say when running with Samba's internal DNS server, the
installer needs to make sure Bind is not installed/enabled on the system.
If Bind is running in addition to Samba's internal DNS server, all manner
of confusion will result.
2) When running with a firewall, several protocols/ports must be enabled
to allow Samba 4 to operate as expected. These are:
o DNS; port 53
o Multicast DNS; port 5353
o Samba; ports 139, 445, 137, 138
o EPMMAP; port 135
o LDAP; port 389
o Kerberos; port 88
o Port 1024
o VNC-Server; port 5900 (If VNC is needed for the system running
Samba 4)
For krb5.conf, I used the file created as part of the Samba 4 installation;
with the addition of the logging parameters from the original system
Kerberos installation.
These are the changes I found necessary/desirable to successfully build and
install Samba 4 on a RedHat Enterprise Linux 6.3 system, create a domain,
and join a Windows 7 and Windows 8 system to the domain.
- Mark
More information about the samba-technical
mailing list