Samba AD DC Howto 'make over'

Ricky Nance ricky.nance at weaubleau.k12.mo.us
Sun Jan 27 22:58:14 MST 2013


Howto temp page has been updated, any other suggestions/comments on this?
How about thoughts on making this THE howto?

Ricky


On Mon, Jan 21, 2013 at 10:34 AM, Ricky Nance <
ricky.nance at weaubleau.k12.mo.us> wrote:

> Mark, I went ahead and started a configure your firewall page at
> http://wiki.samba.org/index.php/Configure_your_firewall<https://wiki.samba.org/index.php/Configure_your_firewall> if
> you wouldn't mind adding how you added your rules (I am completely out of
> the loop when it comes to IPTables) and linked this to the page referenced
> in my first mail, also I added the line for the dns troublshooting as well,
> however with samba 4.0.1+ this should be less of an issue I hope.
>
> Ricky
>
>
> On Mon, Jan 21, 2013 at 8:00 AM, Mark Pilant <lpilant at us.ibm.com> wrote:
>
>> Hi Ricky.
>>
>> I took a look at your update, given all my recent interest :-)  In
>> general it is good.  However I would make the following suggestions:
>>
>> 1)  Add something to say when running with Samba's internal DNS server,
>> the installer needs to make sure Bind is not installed/enabled on the
>> system.  If Bind is running in addition to Samba's internal DNS server, all
>> manner of confusion will result.
>>
>> 2)  When running with a firewall, several protocols/ports must be enabled
>> to allow Samba 4 to operate as expected.  These are:
>>  o  DNS; port 53
>>  o  Multicast DNS; port 5353
>>  o  Samba; ports 139, 445, 137, 138
>>  o  EPMMAP; port 135
>>  o  LDAP; port 389
>>  o Kerberos; port 88
>>  o Port 1024
>>  o  VNC-Server; port 5900 (If VNC is needed for the system running Samba
>> 4)
>>
>> For krb5.conf, I used the file created as part of the Samba 4
>> installation; with the addition of the logging parameters from the original
>> system Kerberos installation.
>>
>> These are the changes I found necessary/desirable to successfully build
>> and install Samba 4 on a RedHat Enterprise Linux 6.3 system, create a
>> domain, and join a Windows 7 and Windows 8 system to the domain.
>>
>> - Mark
>>
>
>
>
> --
>
>


--


More information about the samba-technical mailing list