[Samba] Samba AD firewalld services

Rowland Penny rowlandpenny241155 at gmail.com
Thu Aug 27 10:07:42 UTC 2015

On 27/08/15 10:56, Robert Moskowitz wrote:
> On 08/27/2015 03:29 AM, Rowland Penny wrote:
>> On 27/08/15 05:20, Robert Moskowitz wrote:
>>> Now with firewalld, opening up ports is now 'better' done by opening 
>>> services.  So what do I need, for starters it seems:
>>> dns, dhcp, dhcpv6, samba, kerberos
>>> Here is the list of services:
>>> RH-Satellite-6 amanda-client bacula bacula-client dhcp dhcpv6 
>>> dhcpv6-client dns
>>> ftp high-availability http https imaps ipp ipp-client ipsec kerberos 
>>> kpasswd ldap
>>> ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn 
>>> pmcd pmproxy
>>> pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba 
>>> samba-client
>>> smtp ssh telnet tftp tftp-client transmission-client vnc-server 
>>> wbem-https
>> I would have thought the easiest way to get a list of ports you need 
>> is to start everything, and then use netstat to list the listening ones
> Firewalld supports port level control, and there was a nice post that 
> I found here with a search that had the iptables for those ports and 
> nicely annotated.  But Firewalld introduces this 'service' concept, 
> and I would like to use it where possible.  I will have to ask this of 
> the Firewalld developers, most likely if no one here has already 
> dealt with this.

Well, I don't think I will ever be able to help you with firewalld, it 
sounds like it has something to do with systemd and I will never use that 
abortion, I may have to start using FreeBSD.


>>> I will only be running one AD, but a number of file servers (which 
>>> in Samba4 are really DCs without some services?).
>> Nope, a fileserver is not a DC without some services, a fileserver, 
>> print server, member server or a Unix client are all basically the 
>> same thing and you should follow the instructions on the member 
>> server wiki page:
>>  https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
> I had not gotten that far along in my reading.  :)
> thanks for the information.
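
The two approaches in this thread can be combined: list what is actually listening, then see which of those ports the chosen firewalld services leave uncovered. The script below is an added example, not part of the original thread; the `ss` output is a constructed sample, and the service-to-port table is an assumption that should be checked against the files in /usr/lib/firewalld/services/ on the host.

```shell
#!/bin/sh
# Constructed sample of `ss -H -tuln` output (not captured from a real DC).
SAMPLE_SS='tcp LISTEN 0 128 0.0.0.0:53 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:88 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:135 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:137 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:389 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:389 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:445 0.0.0.0:*
tcp LISTEN 0 128 [::]:445 [::]:*
tcp LISTEN 0 128 0.0.0.0:464 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:636 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:3268 0.0.0.0:*
tcp LISTEN 0 100 127.0.0.1:25 0.0.0.0:*'

# Assumed port/protocol pairs opened by each firewalld service definition.
service_ports() {
  case "$1" in
    dns)      echo "53/tcp 53/udp" ;;
    kerberos) echo "88/tcp 88/udp" ;;
    kpasswd)  echo "464/tcp 464/udp" ;;
    ldap)     echo "389/tcp" ;;
    ldaps)    echo "636/tcp" ;;
    samba)    echo "137/udp 138/udp 139/tcp 445/tcp" ;;
  esac
}

# Read ss output on stdin; print unique port/proto pairs, skipping
# sockets bound only to loopback (they need no firewall opening).
listening_ports() {
  awk '{ n = split($5, a, ":"); port = a[n]
         host = substr($5, 1, length($5) - length(port) - 1)
         if (host ~ /^127\./ || host == "[::1]") next
         print port "/" $1 }' | LC_ALL=C sort -u | LC_ALL=C sort -t/ -k1,1n
}

# uncovered SERVICE...: listening ports that none of the services open.
uncovered() {
  covered=" "
  for svc in "$@"; do covered="$covered$(service_ports "$svc") "; done
  listening_ports | while read -r p; do
    case "$covered" in *" $p "*) ;; *) echo "$p" ;; esac
  done
}

# On a live host, replace the printf with: ss -H -tuln
printf '%s\n' "$SAMPLE_SS" | uncovered dns kerberos kpasswd ldap ldaps samba |
  sed 's|^|firewall-cmd --permanent --add-port=|'
```

Whatever is printed is a port that has to be opened with `--add-port`, or dropped from the listener list, because no selected service accounts for it.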
