[Samba] Samba AD firewalld services

Robert Moskowitz rgm at htt-consult.com
Thu Aug 27 09:56:49 UTC 2015

On 08/27/2015 03:29 AM, Rowland Penny wrote:
> On 27/08/15 05:20, Robert Moskowitz wrote:
>> Now with firewalld, opening up ports is now 'better' done by opening 
>> services.  So what do I need, for starters it seems:
>> dns, dhcp, dhcpv6, samba, kerberos
>> Here is the list of services:
>> RH-Satellite-6 amanda-client bacula bacula-client dhcp dhcpv6 
>> dhcpv6-client dns
>> ftp high-availability http https imaps ipp ipp-client ipsec kerberos 
>> kpasswd ldap
>> ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn 
>> pmcd pmproxy
>> pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba 
>> samba-client
>> smtp ssh telnet tftp tftp-client transmission-client vnc-server 
>> wbem-https
> I would have thought the easiest way to get a list of ports you need 
> is to start everything, and then use netstat to list the listening ones

Firewalld supports port level control, and there was a nice post that I 
found here with a search that had the iptables for those ports and 
nicely annotated.  But Firewalld introduces this 'service' concept, and 
I would like to use it where possible.  I will have to ask this of the 
Firewalld developers, most likely, if no one here has already dealt 
with this.

>> I will only be running one AD, but a number of file servers (which in 
>> Samba4 are really DCs without some services?).
> Nope, a fileserver is not a DC without some services, a fileserver, 
> print server, member server or a Unix client are all basically the 
> same thing and you should follow the instructions on the member server 
> wiki page:
>  https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server

I had not gotten that far along in my reading.  :)

Thanks for the information.
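
The netstat suggestion quoted above, combined with firewalld services, as an added example that is not part of the original thread: it reads `netstat -tuln` style output, skips loopback-only listeners, and reports which firewalld services cover the listening ports and which ports would still need a port-level rule. The function names, the sample output and the service table are constructed for illustration; the table reflects stock firewalld definitions and should be checked on the host with `firewall-cmd --info-service=<name>`.

```shell
# Constructed table "service proto/port ..." (stock firewalld definitions,
# an assumption to verify with: firewall-cmd --info-service=<name>).
SERVICE_PORTS='dns tcp/53 udp/53
kerberos tcp/88 udp/88
kpasswd tcp/464 udp/464
ldap tcp/389
ldaps tcp/636
samba udp/137 udp/138 tcp/139 tcp/445
ntp udp/123'

# Constructed sample of `netstat -tuln` output from a hypothetical AD DC.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:88              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:135             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::3268                 :::*                    LISTEN
udp        0      0 0.0.0.0:53              0.0.0.0:*
udp        0      0 0.0.0.0:88              0.0.0.0:*
udp        0      0 0.0.0.0:137             0.0.0.0:*'

# stdin: netstat output. stdout: "service NAME" or "port PORT/PROTO" lines.
plan_firewalld() {
    { printf '%s\n--\n' "$SERVICE_PORTS"; cat; } | awk '
    $0 == "--"   { in_sockets = 1; next }
    !in_sockets  { for (i = 2; i <= NF; i++) svc[$i] = $1; next }
    $1 !~ /^(tcp|udp)/             { next }   # header lines
    $1 ~ /^tcp/ && $NF != "LISTEN" { next }   # not a listening socket
    {
        n = split($4, parts, ":")             # port is the last field
        port = parts[n]
        host = substr($4, 1, length($4) - length(port) - 1)
        if (host == "127.0.0.1" || host == "::1") next   # loopback only
        key = substr($1, 1, 3) "/" port       # tcp6/udp6 -> tcp/udp
        if (key in svc) print "service " svc[key]
        else print "port " port "/" substr($1, 1, 3)
    }' | LC_ALL=C sort -u
}

# Turn the plan into firewall-cmd invocations (printed, not executed).
to_commands() {
    while read -r kind value; do
        printf 'firewall-cmd --permanent --add-%s=%s\n' "$kind" "$value"
    done
}

printf '%s\n' "$SAMPLE_NETSTAT" | plan_firewalld | to_commands
```

On a real host, pipe `netstat -tuln` into `plan_firewalld` and review the printed commands before running any of them.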
