[Samba] ms-rpc dynamic port range
abartlet at samba.org
Fri Oct 28 01:24:32 UTC 2016
On Thu, 2016-10-27 at 20:39 +0200, Denis Cardon via samba wrote:
> Hi everyone,
> According to the samba wiki page , samba ms-rpc dynamic port range
> 1024-5000, which looks mostly coherent with a quick tcpdump
> However it seems like there are also some connection in the upper
> or MS-RPC 49152-65535.
> It seems that the lower range would be for AD2003 according to
> and that the upper range would be for AD2008 and up .
> So my question is, what is the range that is used?
1024, or whatever the first available port it can bind to.
We don't even use a second port right now, but I want to fix that to
help make NETLOGON multi-process.
> Actually, I grep'ing
> in the source code was quite unlucky because I didn't even found
> it was defined in samba source code... And I guess there aren't any
> smb.conf parameter to control those values?
> I was digging into this question after negotiating port openings for
> dynamic range with the network/security team at a client.
> Another similar question I have is about the drs replication port,
> if it can be set to a fixed value in order to limit the replication
> partners through firewalling, like in MS KB224196 ?
I would like to add that. My plan is to allow specification of a port
per-service. That will help me work around a limitation in
socket_wrapper and help your use case.
I also think we should have further limitations on DRS access, eg by
forcing all DRS traffic to only access Samba over SSH.
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
More information about the samba