[Samba] Samba as DC member UDP ports used

Andrea Cucciarre' acucciarre at cloudian.com
Thu Mar 5 09:57:03 UTC 2020


I have a customer that complains that Samba (as DC member) uses UDP 
during  AD authentication when clients mount a share.
I have run a test and traced network packet and it seems UDP is used by 
the CLDAP (Samba server is, AD is

Frame 1: 133 bytes on wire (1064 bits), 133 bytes captured (1064 bits) 
on interface vmxnet3s0, id 0
Ethernet II, Src: 00:0c:29:92:02:dd, Dst: 00:0c:29:b0:43:a7
Internet Protocol Version 4, *Src:, Dst:*
*User Datagram Protocol*,*Src Port: 60549, Dst Port: 389*
     Source Port: 60549
     Destination Port: 389
     Length: 99
     Checksum: 0x7950 [unverified]
     [Checksum Status: Unverified]
     [Stream index: 0]
*Connectionless Lightweight Directory Access Protocol*
     LDAPMessage searchRequest(10556) "<ROOT>" baseObject
         messageID: 10556
         protocolOp: searchRequest (3)
                 scope: baseObject (0)
                 derefAliases: neverDerefAliases (0)
                 sizeLimit: 0
                 timeLimit: 0
                 typesOnly: False
                     filter: and (0)
                 attributes: 1 item
                     AttributeDescription: NetLogon

I searched in the smb.conf man page and I can change the CLDAP port used 
but it seems I can't force to use TCP.
Is there a way to force Samba to use TCP instead of UDP?
If it's not possible could you please shortly explain why Samba is using 
UDP port.


More information about the samba mailing list