Cannot join as secondary DC - samba 4.2.2 - <bug?>

Rowland Penny repenny241155 at
Sun Jun 7 09:15:02 MDT 2015

On 07/06/15 15:32, bogdan_bartos wrote:
> That did the trick. I have the
> firewall open on both boxes for the samba services. It's firewalld:
> [root@fileserver sbin]# cat /etc/firewalld/services/samba.xml
> <?xml version="1.0" encoding="utf-8"?>
> <service>
>    <short>Samba</short>
>    <description>This option allows you to access and participate in Windows
> file and printer sharing networks. You need the samba package installed for
> this option to be useful.</description>
>    <port protocol="tcp" port="53"/>
>    <port protocol="udp" port="53"/>
>    <port protocol="tcp" port="88"/>
>    <port protocol="udp" port="88"/>
>    <port protocol="tcp" port="135"/>
>    <port protocol="udp" port="137"/>
>    <port protocol="udp" port="138"/>
>    <port protocol="tcp" port="139"/>
>    <port protocol="tcp" port="389"/>
>    <port protocol="tcp" port="445"/>
>    <port protocol="tcp" port="464"/>
>    <port protocol="udp" port="464"/>
>    <port protocol="tcp" port="636"/>
>    <port protocol="tcp" port="1024"/>
>    <port protocol="tcp" port="5353"/>
>    <port protocol="udp" port="5353"/>
>    <module name="nf_conntrack_netbios_ns"/>
> </service>
> [root@fileserver sbin]# firewall-cmd --get-services
> amanda-client amanda-k5-client bacula bacula-client cockpit dhcp dhcpv6
> dhcpv6-client dns freeipa-ldap freeipa-ldaps freeipa-replication ftp
> high-availability http https imaps ipp ipp-client ipsec iscsi-target kadmin
> kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mosh mountd ms-wbt
> mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql
> privoxy proxy-dhcp puppetmaster radius rpc-bind rsyncd samba samba-client
> sane smtp squid ssh synergy telnet tftp tftp-client tinc tor-socks
> transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client
> xmpp-local xmpp-server
> Samba is in the list... I have no idea why this happened - I have a similar
> environment where provisioning and adding a secondary DC just worked like a
> charm.

Should have known. The first thing I do when setting up a DC is turn off any 
firewall; you can restart it later, and if there are problems, you know 
it is the firewall. The problem may be because you cannot run a Samba 4 
AD DC on Fedora with the standard packages yet; the firewalld samba xml 
file may not have all the ports required. Port 3268 is missing, for instance.
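
Added example, not part of the original message or of Samba or firewalld: a check of a firewalld service file against the fixed ports a Samba AD DC listens on, run here on the port list quoted above. The `REQUIRED` set is an assumption taken from the Samba wiki's AD DC port list, and the names `opened_ports` and `missing_ports` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Assumption: fixed ports from the Samba wiki's AD DC port list; the dynamic
# RPC range is left out because it depends on the Samba version.
REQUIRED = {
    ("tcp", 53), ("udp", 53), ("tcp", 88), ("udp", 88),      # DNS, Kerberos
    ("tcp", 135), ("udp", 137), ("udp", 138), ("tcp", 139),  # RPC mapper, NetBIOS
    ("tcp", 389), ("udp", 389), ("tcp", 636),                # LDAP, CLDAP, LDAPS
    ("tcp", 445), ("tcp", 464), ("udp", 464),                # SMB, kpasswd
    ("tcp", 3268), ("tcp", 3269),                            # Global Catalog, GC over SSL
}

# Constructed sample: the ports of the samba.xml quoted above, condensed.
SAMPLE_XML = """<service>
  <short>Samba</short>
  <port protocol="tcp" port="53"/><port protocol="udp" port="53"/>
  <port protocol="tcp" port="88"/><port protocol="udp" port="88"/>
  <port protocol="tcp" port="135"/><port protocol="udp" port="137"/>
  <port protocol="udp" port="138"/><port protocol="tcp" port="139"/>
  <port protocol="tcp" port="389"/><port protocol="tcp" port="445"/>
  <port protocol="tcp" port="464"/><port protocol="udp" port="464"/>
  <port protocol="tcp" port="636"/><port protocol="tcp" port="1024"/>
  <port protocol="tcp" port="5353"/><port protocol="udp" port="5353"/>
  <module name="nf_conntrack_netbios_ns"/>
</service>"""

def opened_ports(xml_text):
    """Return the (protocol, port) pairs a firewalld service opens.
    firewalld also accepts ranges such as port="1024-1300"."""
    opened = set()
    for el in ET.fromstring(xml_text).iter("port"):
        proto = el.get("protocol", "").lower()
        lo, _, hi = el.get("port", "").partition("-")
        if not lo.isdigit():
            continue  # skip malformed entries
        last = int(hi) if hi.isdigit() else int(lo)
        opened.update((proto, p) for p in range(int(lo), last + 1))
    return opened

def missing_ports(xml_text, required=REQUIRED):
    """Required (protocol, port) pairs that the service file does not open."""
    return sorted(required - opened_ports(xml_text))

if __name__ == "__main__":
    for proto, port in missing_ports(SAMPLE_XML):
        print(f"not opened by this service: {port}/{proto}")
```

On the quoted file this reports 3268/tcp, 3269/tcp and 389/udp as not opened.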