[Samba] firewalld services to open for an ADDC

Jeff Sadowski jeff.sadowski at gmail.com
Tue Feb 13 15:46:05 UTC 2018


On Tue, Feb 13, 2018 at 8:30 AM, L.P.H. van Belle via samba
<samba at lists.samba.org> wrote:
> Hai,
>
> If you use that or the AD, then it's incomplete, imo.
> You're missing ldaps (636) and the GC (ssl) (3268/3269) ports and maybe NTP (123/tcp) if installed.
> Maybe you don't need them, just an observation.
>

Oh, I see. I need to look at the ports in the chart, not just the ones
listed in the example.

I'll add to my list.

>
> Greetz,
>
> Louis
>
>
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Jeff
>> Sadowski via samba
>> Sent: Tuesday 13 February 2018 16:05
>> To: Marc Muehlfeld
>> CC: Ing. Luis Felipe Domíngu.
>> Subject: Re: [Samba] firewalld services to open for an ADDC
>>
>> On Mon, Feb 12, 2018 at 11:50 PM, Marc Muehlfeld
>> <mmuehlfeld at samba.org> wrote:
>> > Hi Jeff,
>> >
>> > On 13.02.2018 at 05:16, Jeff Sadowski via samba wrote:
>> >> So my question is what services or ports am I missing to open?
>> >
>> > AD DCs:
>> > https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
>>
>> Perfect, exactly what I was looking for.
>> I found some docs about firewalld saying that the service files are kept in
>> /usr/lib/firewalld/services
>> so I did
>> [root@dc1 ~]# grep -e 139 -e 88 -e 445 /usr/lib/firewalld/services/*.xml
>> /usr/lib/firewalld/services/freeipa-ldaps.xml:  <port protocol="tcp" port="88"/>
>> /usr/lib/firewalld/services/freeipa-ldaps.xml:  <port protocol="udp" port="88"/>
>> /usr/lib/firewalld/services/freeipa-ldap.xml:  <port protocol="tcp" port="88"/>
>> /usr/lib/firewalld/services/freeipa-ldap.xml:  <port protocol="udp" port="88"/>
>> /usr/lib/firewalld/services/freeipa-trust.xml:  <port protocol="tcp" port="138-139"/>
>> /usr/lib/firewalld/services/freeipa-trust.xml:  <port protocol="udp" port="138-139"/>
>> /usr/lib/firewalld/services/freeipa-trust.xml:  <port protocol="tcp" port="445"/>
>> /usr/lib/firewalld/services/freeipa-trust.xml:  <port protocol="udp" port="445"/>
>> /usr/lib/firewalld/services/kerberos.xml:  <port protocol="tcp" port="88"/>
>> /usr/lib/firewalld/services/kerberos.xml:  <port protocol="udp" port="88"/>
>> /usr/lib/firewalld/services/samba.xml:  <port protocol="tcp" port="139"/>
>> /usr/lib/firewalld/services/samba.xml:  <port protocol="tcp" port="445"/>
>> so by adding
>>
>> firewall-cmd --add-service=dns --permanent
>> firewall-cmd --add-service=samba --permanent
>> firewall-cmd --add-service=kerberos --permanent
>> firewall-cmd --reload
>>
>> I should have all the ports I need.
>> Thank you.
>>
>> >
>> > Domain members:
>> > https://wiki.samba.org/index.php/Samba_Domain_Member_Port_Usage
>> >
>> >
>> > Regards,
>> > Marc
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
>
>

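The check discussed in this thread, comparing the ports a set of firewalld services opens against the ports a DC needs, can be scripted. The following is an added example, not part of the original messages: the function names and the sample XML files are constructed for illustration (dns.xml is assumed to open 53 over tcp and udp), and the required list holds only ports named in this thread, not the full wiki chart.

```bash
#!/usr/bin/env bash
# Added example: list required ports that a set of firewalld services does not open.

# service_ports DIR SERVICE... -> prints "proto low high" for every <port> element
service_ports() {
    local dir="$1" svc line proto port; shift
    for svc in "$@"; do
        [ -r "$dir/$svc.xml" ] || { echo "no such service file: $svc" >&2; continue; }
        grep -o '<port [^>]*>' "$dir/$svc.xml" | while read -r line; do
            proto=$(printf '%s\n' "$line" | sed -n 's/.*protocol="\([a-z]*\)".*/\1/p')
            port=$(printf '%s\n' "$line" | sed -n 's/.* port="\([0-9-]*\)".*/\1/p')
            [ -n "$proto" ] && [ -n "$port" ] || continue
            echo "$proto ${port%-*} ${port#*-}"   # "139" -> 139 139, "138-139" -> 138 139
        done
    done
}

# missing_ports DIR "PORT/PROTO ..." SERVICE... -> prints each required entry not covered
missing_ports() {
    local dir="$1" required="$2" opened want num proto covered p lo hi; shift 2
    opened=$(service_ports "$dir" "$@")
    for want in $required; do
        num=${want%/*} proto=${want#*/} covered=no
        while read -r p lo hi; do
            if [ "$p" = "$proto" ] && [ "$num" -ge "$lo" ] && [ "$num" -le "$hi" ]; then covered=yes; fi
        done <<EOF
$opened
EOF
        [ "$covered" = yes ] || echo "$want"
    done
}

# Constructed sample files mirroring the grep output quoted in the thread
# (dns.xml is an assumption: port 53 over tcp and udp).
make_sample_dir() {
    local d; d=$(mktemp -d)
    printf '<service>\n  <port protocol="tcp" port="139"/>\n  <port protocol="tcp" port="445"/>\n</service>\n' > "$d/samba.xml"
    printf '<service>\n  <port protocol="tcp" port="88"/>\n  <port protocol="udp" port="88"/>\n</service>\n' > "$d/kerberos.xml"
    printf '<service>\n  <port protocol="tcp" port="53"/>\n  <port protocol="udp" port="53"/>\n</service>\n' > "$d/dns.xml"
    echo "$d"
}

# Ports named in this thread only; take the full list from the wiki chart.
REQUIRED="53/tcp 53/udp 88/tcp 88/udp 139/tcp 445/tcp 636/tcp 3268/tcp 3269/tcp"

dir=$(make_sample_dir)
missing_ports "$dir" "$REQUIRED" dns samba kerberos   # on a real host: /usr/lib/firewalld/services
rm -rf "$dir"
```

Against the sample files this reports 636/tcp, 3268/tcp and 3269/tcp as not covered by the dns, samba and kerberos services.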

