Samba AD DC Howto 'make over'

Ricky Nance ricky.nance at weaubleau.k12.mo.us
Mon Jan 21 09:34:32 MST 2013


Mark, I went ahead and started a configure your firewall page at
http://wiki.samba.org/index.php/Configure_your_firewall if
you wouldn't mind adding how you added your rules (I am completely out of
the loop when it comes to IPTables) and linked this to the page referenced
in my first mail, also I added the line for the dns troubleshooting as well,
however with samba 4.0.1+ this should be less of an issue I hope.

Ricky


On Mon, Jan 21, 2013 at 8:00 AM, Mark Pilant <lpilant at us.ibm.com> wrote:

> Hi Ricky.
>
> I took a look at your update, given all my recent interest :-)  In general
> it is good.  However I would make the following suggestions:
>
> 1)  Add something to say when running with Samba's internal DNS server,
> the installer needs to make sure Bind is not installed/enabled on the
> system.  If Bind is running in addition to Samba's internal DNS server, all
> manner of confusion will result.
>
> 2)  When running with a firewall, several protocols/ports must be enabled
> to allow Samba 4 to operate as expected.  These are:
>  o  DNS; port 53
>  o  Multicast DNS; port 5353
>  o  Samba; ports 139, 445, 137, 138
>  o  EPMAP; port 135
>  o  LDAP; port 389
>  o  Kerberos; port 88
>  o  Port 1024
>  o  VNC-Server; port 5900 (If VNC is needed for the system running Samba 4)
>
> For krb5.conf, I used the file created as part of the Samba 4
> installation; with the addition of the logging parameters from the original
> system Kerberos installation.
>
> These are the changes I found necessary/desirable to successfully build
> and install Samba 4 on a RedHat Enterprise Linux 6.3 system, create a
> domain, and join a Windows 7 and Windows 8 system to the domain.
>
> - Mark
>
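
Added example, not part of either message and not Samba project code: a shell check that compares a host's listening sockets against the port list quoted above and flags BIND holding port 53 alongside Samba's internal DNS server. The function names and the sample listener lines are constructed for illustration, and the check assumes the DC is meant to use Samba's internal DNS.

```shell
#!/bin/sh
# Ports taken from the list in the quoted message; 5900 (VNC) is left out
# because it is only needed when VNC is used on the DC.
REQUIRED_PORTS="53 5353 137 138 139 445 135 389 88 1024"

# Constructed sample in the column layout of `ss -tulnp` (not from a real host).
sample_listeners() {
cat <<'EOF'
udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("samba",pid=2101,fd=38))
tcp LISTEN 0 10 127.0.0.1:53 0.0.0.0:* users:(("named",pid=1877,fd=21))
tcp LISTEN 0 10 0.0.0.0:88 0.0.0.0:* users:(("samba",pid=2101,fd=30))
tcp LISTEN 0 10 0.0.0.0:135 0.0.0.0:* users:(("samba",pid=2101,fd=31))
udp UNCONN 0 0 0.0.0.0:137 0.0.0.0:* users:(("samba",pid=2101,fd=32))
udp UNCONN 0 0 0.0.0.0:138 0.0.0.0:* users:(("samba",pid=2101,fd=33))
tcp LISTEN 0 50 [::]:139 [::]:* users:(("smbd",pid=2110,fd=35))
tcp LISTEN 0 50 [::]:445 [::]:* users:(("smbd",pid=2110,fd=36))
tcp LISTEN 0 10 0.0.0.0:389 0.0.0.0:* users:(("samba",pid=2101,fd=34))
EOF
}

# Reads listener lines on stdin; prints "MISSING <port>" for each required
# port with no listener and "CONFLICT 53 named" if BIND holds port 53.
audit_listeners() {
    awk -v ports="$REQUIRED_PORTS" '
    {
        n = split($5, a, ":")   # column 5 is local address:port
        seen[a[n]] = 1
        # Owning process is the first quoted name in the users:((...)) column.
        if (a[n] == "53" && match($0, /\(\("[^"]+"/))
            dns[substr($0, RSTART + 3, RLENGTH - 4)] = 1
    }
    END {
        m = split(ports, p, " ")
        for (i = 1; i <= m; i++)
            if (!(p[i] in seen)) print "MISSING " p[i]
        if ("named" in dns) print "CONFLICT 53 named"
    }'
}

# On a live DC: ss -tulnp | audit_listeners   (run as root to see process names)
sample_listeners | audit_listeners
```

A MISSING line means a firewall rule for that port would expose nothing on this host, which is worth knowing before the rule is written.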


