[Samba] RODC in DMZ
Ilias Chasapakis forumZFD
chasapakis at forumZFD.de
Fri Dec 13 09:14:27 UTC 2024
Dear all,
We (me and colleagues) were considering setting up an RODC in our DMZ for
some authentication-related questions.
We were curious about any suggested best practices for those cases.
We also notice that there are quite a lot of ports to open vs. the ADs.
* TCP 88 (Kerberos Key Distribution Center)
* TCP 135 (Remote Procedure Call)
* TCP 139 (NetBIOS Session Service)
* TCP 389 (LDAP)
* TCP 445 (SMB, Net Logon)
* UDP 53 (DNS)
* UDP 389 (LDAP, DC Locator, Net Logon)
* TCP 49152-65535 (Randomly allocated high TCP ports)
Are there other suggestions from your side to approach the RODC in a
DMZ, keeping the security at a decent level?
Many thanks in advance for your suggestions
Best
Ilias