Cannot see the domain controller

Bogdan Bartos admin at blackpenguin.org
Thu May 16 21:15:04 MDT 2013 

What are those ports? Tcp or udp?
-----------------------
BlackPenguin.Org Admin | Linux administration
h. 1.403.266.1513 | c. 1.403.919.5699
admin at blackpenguin.org | http://www.blackpenguin.org

-----Original Message-----
From: "C.J. Adams-Collier" <cjac at colliertech.org>
Date: Thu, 16 May 2013 20:13:59 
To: BlackPenguin ADMIN<admin at blackpenguin.org>
Cc: samba tech<samba-technical at lists.samba.org>; <ab at altlinux.org>
Subject: Re: Cannot see the domain controller

Open the ports for multicast dns
On May 16, 2013 7:35 PM, "BlackPenguin ADMIN" <admin at blackpenguin.org>
wrote:

> I have samba-ad in the services list in the work zone:
>
> [root at pdc zones]# firewall-cmd --get-services
> cluster-suite pop3s bacula-client smtp ipp radius bacula ftp mdns samba
> dhcpv6-client https openvpn imaps samba-client http dns ntp vnc-server
> telnet libvirt ssh samba-ad ipsec ipp-client amanda-client tftp-client nfs
> tftp libvirt-tls
>
> The work zone looks like this:
>
> <?xml version="1.0" encoding="utf-8"?>
> <zone>
>   <short>Work</short>
>   <description>For use in work areas. You mostly trust the other computers
> on networks to not harm your computer. Only selected incoming connections
> are accepted.</description>
>   <service name="ssh"/>
>   <service name="samba-ad"/>
>   <service name="mdns"/>
>   <service name="ipp-client"/>
>   <service name="dhcpv6-client"/>
> </zone>
>
> The samba-ad.xml looks like this:
>
> <?xml version="1.0" encoding="utf-8"?>
> <service>
>   <short>Samba</short>
>   <description>This option allows you to access and participate in Windows
> file and printer sharing networks. You need the samba package installed for
> this option to be useful.</description>
>   <port protocol="tcp" port="1024"/>
>   <port protocol="tcp" port="88"/>
>   <port protocol="udp" port="88"/>
>   <port protocol="tcp" port="464"/>
>   <port protocol="udp" port="464"/>
>   <port protocol="tcp" port="389"/>
>   <port protocol="tcp" port="636"/>
>   <port protocol="tcp" port="135"/>
>   <port protocol="tcp" port="5353"/>
>   <port protocol="udp" port="5353"/>
>   <port protocol="tcp" port="53"/>
>   <port protocol="udp" port="53"/>
>   <port protocol="udp" port="137"/>
>   <port protocol="udp" port="138"/>
>   <port protocol="tcp" port="139"/>
>   <port protocol="tcp" port="445"/>
>   <module name="nf_conntrack_netbios_ns"**/>
> </service>
>
> I still cannot find the domain controller in the machine list. Unless I
> specifically type \\PDC, or \\PDC.BLACKPENGUIN.ORG. Fedora 18 does not
> even see it - same as before.
>
> On 05/16/2013 09:29 AM, Alexander Bokovoy wrote:
>
>>
>> FirewallD documentation:
>> http://fedoraproject.org/wiki/**FirewallD#Runtime_zone_**handling<http://fedoraproject.org/wiki/FirewallD#Runtime_zone_handling>
>>
>> Now, you need to create a service definition since existing
>> /usr/lib/firewalld/services/**samba.xml does not include LDAP ports (and
>> DNS, ...).
>> Copy samba.xml to, say, samba-ad.xml. Add needed ports inside and use
>> firewall-cmd to enable service in needed zone. Use --permanent option to
>> firewall-cmd to save the zone changes.
>>
>>
>>
>> On Thu, May 16, 2013 at 5:50 PM, Bogdan Bartos <admin at blackpenguin.org<mailto:
>> admin at blackpenguin.org**>> wrote:
>>
>>     I have firewalld running. What rule do I need to put in, so I make
>>     the browsing work?
>>     -----------------------
>>     BlackPenguin.Org Admin | Linux administration
>>     h. 1.403.266.1513 | c. 1.403.919.5699
>>     admin at blackpenguin.org <mailto:admin at blackpenguin.org**> |
>>     http://www.blackpenguin.org
>>     ------------------------------**------------------------------**
>> ------------
>>     *From: * Alexander Bokovoy <ab at altlinux.org <mailto:ab at altlinux.org>>
>>     *Sender: * ab at 7ia.org <mailto:ab at 7ia.org>
>>     *Date: *Thu, 16 May 2013 17:47:34 +0300
>>     *To: *BlackPenguin ADMIN<admin at blackpenguin.org
>>     <mailto:admin at blackpenguin.org**>>
>>     *ReplyTo: * ab at altlinux.org <mailto:ab at altlinux.org>
>>     *Cc: *samba-technical<samba-**technical at lists.samba.org<samba-technical at lists.samba.org>
>>     <mailto:samba-technical at lists.**samba.org<samba-technical at lists.samba.org>
>> >>
>>     *Subject: *Re: Cannot see the domain controller
>>
>>     Make sure you have manual firewall or amended firewalld
>>     configuration properly. Firewalld will otherwise conflict with
>>     your setup in F18.
>>
>>     --     / Alexander Bokovoy
>>
>>     16.05.2013 16:34 пользователь "bogdan_bartos"
>>     <admin at blackpenguin.org <mailto:admin at blackpenguin.org**>> написал:
>>
>>         I opened the ports specified for Windows 2008 server except
>>         the dynamic ones
>>         that I cannot predict:
>>         http://technet.microsoft.com/**en-us/library/dd772723%28v=ws.**
>> 10%29.aspx<http://technet.microsoft.com/en-us/library/dd772723%28v=ws.10%29.aspx>
>>
>>         Like you noticed, the issue seems to be with a Samba 4.0.5
>>         running on Fedora
>>         18 x64. Is samba 4 normally presenting itself for browsing? Is
>>         there a
>>         configuration that I have to do, so the server becomes visible
>>         for browsing?
>>         Thanks.
>>
>>
>>
>>         --
>>         View this message in context:
>>         http://samba.2283325.n4.**nabble.com/Cannot-see-the-**
>> domain-controller-**tp4648145p4648203.html<http://samba.2283325.n4.nabble.com/Cannot-see-the-domain-controller-tp4648145p4648203.html>
>>         Sent from the Samba - samba-technical mailing list archive at
>>         Nabble.com.
>>
>>
>>
>>
>> --
>> / Alexander Bokovoy
>>
>
> --
> *BlackPenguin ADMIN | Linux administration*
> admin at blackpenguin.org | http://www.blackpenguin.org
> h. 001.403.266.1513 | c. 001.403.919.5699
>

More information about the samba-technical mailing list