[Samba] ldap and ldaps udp needed?

Denis Cardon denis.cardon at tranquil-it-systems.fr
Fri Aug 28 06:57:52 UTC 2015

Hi Robert,

> Am 27.08.2015 um 15:19 schrieb Robert Moskowitz:
>> In an earlier post of iptables rules, ldap and ldaps udp were included.
>> the firewalld service for ldap and ldaps are only tcp.  Do people
>> actually see udp requests comming in for these, or were they included
>> 'for completeness'.
> Start a capture with wireshark/tcpdump/etc. on a DC and see what reaches
> on 389/udp during the day. ;-)
> https://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx
> tell some information, what actions use with ports.

to be a little more specific, ldap udp/389, aka cldap or "connection 
less" ldap, is used (at least) for site discovery when the windows 
workstation starts and needs to find its closest domain controler.

When you confirure site and services in active directory, you set up 
subnets, sites and place DCs in the corresponding sites.

In order to contact the closest DC, the workstation will first make a 
cldap query to get the site name corresponding to its subnet, and then 
query the SRV files under _sites.mydom.lan to get the matching DC.

Some pointers:



> Regards,
> Marc

Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint SĂ©bastien sur Loire
tel : +33 (0)

More information about the samba mailing list