[Samba] Samba as DC member UDP ports used

Thu Mar 5 09:57:03 UTC 2020

Hello,

I have a customer that complains that Samba (as DC member) uses UDP 
during  AD authentication when clients mount a share.
I have run a test and traced network packet and it seems UDP is used by 
the CLDAP (Samba server is 10.50.50.35, AD is 10.50.50.85)

Frame 1: 133 bytes on wire (1064 bits), 133 bytes captured (1064 bits) 
on interface vmxnet3s0, id 0
Ethernet II, Src: 00:0c:29:92:02:dd, Dst: 00:0c:29:b0:43:a7
Internet Protocol Version 4, *Src: 10.50.50.35, Dst: 10.50.50.85*
*User Datagram Protocol*,*Src Port: 60549, Dst Port: 389*
     Source Port: 60549
     Destination Port: 389
     Length: 99
     Checksum: 0x7950 [unverified]
     [Checksum Status: Unverified]
     [Stream index: 0]
     [Timestamps]
*Connectionless Lightweight Directory Access Protocol*
     LDAPMessage searchRequest(10556) "<ROOT>" baseObject
         messageID: 10556
         protocolOp: searchRequest (3)
             searchRequest
                 baseObject:
                 scope: baseObject (0)
                 derefAliases: neverDerefAliases (0)
                 sizeLimit: 0
                 timeLimit: 0
                 typesOnly: False
                 Filter: 
(&(&(NtVer=0x00000006)(DnsDomain=HF3.LOCAL))(AAC=00:00:00:00))
                     filter: and (0)
                         and: 
(&(&(NtVer=0x00000006)(DnsDomain=HF3.LOCAL))(AAC=00:00:00:00))
                 attributes: 1 item
                     AttributeDescription: NetLogon

I searched in the smb.conf man page and I can change the CLDAP port used 
but it seems I can't force to use TCP.
Is there a way to force Samba to use TCP instead of UDP?
If it's not possible could you please shortly explain why Samba is using 
UDP port.

Regards
Andrea