[PATCH] Use RPC service ports defined for Windows Server 2008 and newer
Andreas Schneider
asn at samba.org
Mon Jan 16 22:01:42 UTC 2017
On Tuesday, 17 January 2017 06:25:08 CET Andrew Bartlett wrote:
> On Mon, 2017-01-16 at 17:03 +0100, Andreas Schneider wrote:
> > On Monday, 16 January 2017 12:57:20 CET Andreas Schneider wrote:
> > > Hello,
> > >
> > > Windows Server 2008 and newer use ports 49152-65535/TCP RPC for LSA, SAM,
> > > Netlogon, etc. We should use the same range as those ports get opened by
> > > internal firewalls.
> > >
> > > The attached patchset changes to this port range and makes it possible to
> > > change it via smb.conf variables.
> >
> > Volker asked for only one variable with a range:
> >
> > rpc port range = 1025-1300
> >
> >
> > The attached patchset implements it the requested way.
>
> I agree this is an improvement over two parameters. My main concern is
> for existing AD DC deployments who have hard-coded the existing pattern
> in their firewalls. This will need a prominent WHATSNEW at the very
> least, and https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
> updated.
>
> I'm assuming you have a specific reason for the change, other than just
> matching current Windows. Can you elaborate on that? Could/should we
> add the option but not change the ports?

I have customers who request this because their firewalls are configured for
that port range. I do not want to open another one for RPC.

This is a major change only for a major release, that's why I opened a bug.
Once it is in I will document it in WHATSNEW.txt.

> We also need to work on and at least document the interaction between
> this and 'rpc server port', which I added for 4.6, but which only
> operates on the AD DC.

I will propose a patch, you can update it with the needed text for that option
then. :-)

Andreas

--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org