[Samba] Unable to join domain when DC firewall is active
Rob Campbell
robcampbell08105 at gmail.com
Mon Jan 1 02:21:21 UTC 2024
Thanks. I did read that. Maybe my understanding is wrong. I thought that
by adding the samba service, everything that shows as samba would be
enabled. 445, 139, etc didn't have samba so I added them with --add-port.
Is that not an accurate assumption? Do I need to open each of those ports
individually rather than allowing the service? The only thing I don't see
is:
tcp 0 0 10.99.0.1:46322 10.99.0.7:1024 ESTABLISHED
16211/samba
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.
On Sun, Dec 31, 2023 at 9:01 PM miguel medalha <medalist at sapo.pt> wrote:
> Maybe reading this Samba Wiki page will help you (a lot):
>
> "The samba service, which provides the AD DC features, requires that the
> following ports are opened on the DC:"
>
> etc, etc,
>
> Samba AD DC Port Usage
> https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
>
>
> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rob
> Campbell
> via samba
> Sent: 1 de janeiro de 2024 00:48
> To: sambalist <samba at lists.samba.org>
> Subject: [Samba] Unable to join domain when DC firewall is active
>
> I'm unable to join my computer to the domain.
>
> On the domain controller, initially I only had firewall-cmd --permanent
> --add-service=samba but that didn't work. The computer couldn't join but
> when I turned off the firewall all-together I was able to join.
>
> I then tried firewall-cmd --permanent
> --add-service={samba,dns,ldap,ldaps,kerberos,kpasswd} but that didn't work
> either.
>
> Are there some other services and/or ports I need to open?
>
> I've also tried firewall-cmd --permanent --add-port={137,138,139,445}/tcp
> and firewall-cmd --permanent --add-port={137,138,139,445}/udp just to see
> if it would work but it didn't.
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In all things, Be Intentional.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list