[PATCH] Use RPC service ports defined for Windows Server 2008 and newer
Andrew Bartlett
abartlet at samba.org
Mon Jan 16 19:25:08 UTC 2017
On Mon, 2017-01-16 at 17:03 +0100, Andreas Schneider wrote:
> On Monday, 16 January 2017 12:57:20 CET Andreas Schneider wrote:
> > Hello,
> >
> > Windows Server 2008 and newer use ports 49152-65535/TCP RPC for LSA, SAM,
> > Netlogon, etc. We should use the same range as those ports get opened by
> > internal firewalls.
> >
> > The attached patchset changes to this port range and makes it possible to
> > change it via smb.conf variables.
>
> Volker asked for only one variable with a range:
>
> rpc port range = 1025-1300
>
>
> The attached patchset implements it the requested way.

I agree this is an improvement over two parameters. My main concern is
for existing AD DC deployments who have hard-coded the existing pattern
in their firewalls. This will need a prominent WHATSNEW at the very
least, and https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
updated.

I'm assuming you have a specific reason for the change, other than just
matching current Windows. Can you elaborate on that? Could/should we
add the option but not change the ports?

We also need to work on and at least document the interaction between
this and 'rpc server port', which I added for 4.6, but which only
operates on the AD DC.

Thanks,

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba