FW: samba port 135 conflict with dce service on hpux

Volker Lendecke Volker.Lendecke at SerNet.DE
Mon Jan 15 07:37:55 UTC 2018

On Mon, Jan 15, 2018 at 06:41:22AM +0000, Kumar, Arjit (SSTO) via samba-technical wrote:
> Hi Andrew,
> >> Is there a good reason why you can't run up a Linux VM for the AD DC?
> We are working official to enable AD DC on HP-UX 11i v3 at IA-64 platforms.
> We can’t stop dced service running on port 135 on hpux.
> Please suggest alternatives for the same.

This will be quite a challenge: Samba needs to register RPC services
with the endpoint mapper, so that clients can find it.  This
registration is deeply embedded in Samba's RPC engine. To be honest,
I'd have to look myself in what places this happens. With some
knowledge of Samba code this can't be hard to find though, and we have
experts here on the list that can more quickly spot it.

The challenge now is: Externalize this registration. Wherever Samba
uses internal APIs to communicate with the EPM, this needs to be
changed to talk to the hpux version using official RPC registration.
Also, Samba needs to provide EPM services over ncacn_np (i.e. over
smb). This needs to be proxied such that the port 135 epm is being
asked when a client comes in via SMB.

If you have any questions, feel free to ask. If you have patches, even
better :-)

With best regards,

Volker Lendecke

Besuchen Sie die verinice.XP 2018 in Berlin,
Anwenderkonferenz für Informationssicherheit
vom 21.-23.03.2018 im Sofitel Kurfürstendamm
Info & Anmeldung hier: http://veriniceXP.org

SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de

More information about the samba-technical mailing list