[Samba] {Device Timeout} The I/O operation specified in %hs was not completed before the timeout period expired

Elias Pereira empbilly at gmail.com
Wed Jan 3 17:42:54 UTC 2024


>
> and not between your DCs.

You're right. If it's on the same network/vlan, it doesn't go through the
gateway/firewall.

On Wed, Jan 3, 2024 at 2:37 PM Elias Pereira <empbilly at gmail.com> wrote:

> Yes and you need more than those ports, see here:
>
> Yes, I checked the link before testing the ports. The only ones I left out in
> the first test, were the 49152-65535 range.
>
> root at dc2:~# netstat -plaunt | egrep "ntp|bind|named|samba|?mbd"
> https://pastebin.com/raw/NbECKVB8
>
> Where does pfsense come into this ? From my understanding, pfsense is a
>> firewall/router device and should be between your DCs and the internet
>> and not between your DCs.
>
>
> By default, pfsense starts blocking everything and we have to allow/open what
> we really need.
>
> On Wed, Jan 3, 2024 at 1:54 PM Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
>> On Wed, 3 Jan 2024 13:30:48 -0300
>> Elias Pereira <empbilly at gmail.com> wrote:
>>
>> > >
>> > > Is dns configured correctly ?
>> >
>> > root at dc2:~# cat /etc/resolv.conf
>> > search campus.sertao.ifrs.edu.br
>> > nameserver 200.xxx.xxx.163 (*own IP*)
>> >
>> > root at dc3:~# cat /etc/resolv.conf
>> > search campus.sertao.ifrs.edu.br
>> > nameserver 200.xxx.xxx.160 (*own IP*)
>> >
>> > Is a firewall running and if so, are all the
>> > > required ports open ?
>> >
>> > We use pfsense and there's a rule allow everything between the DCs.
>> > Anyway, I checked the logs while I was running the replicate command,
>> > and nothing appeared in the logs.
>> >
>> > but strangely, some ports are closed... O.o
>> >
>> > PORT     STATE  SERVICE      VERSION
>> > 53/tcp   open   domain       (unknown banner: non3)
>> > 88/tcp   open   kerberos-sec (server time: 2024-01-03 16:19:09Z)
>> > *123/tcp  closed ntp*
>> > 135/tcp  open   msrpc        Microsoft Windows RPC
>> >
>> > *137/tcp  closed netbios-ns138/tcp  closed netbios-dgm*
>> > 139/tcp  open   netbios-ssn  Samba smbd 3.X - 4.X (workgroup: CAMPUS)
>> > 389/tcp  open   ldap         (Anonymous bind OK)
>> > 445/tcp  open   netbios-ssn  Samba smbd 3.X - 4.X (workgroup: CAMPUS)
>> > 464/tcp  open   kpasswd5?
>> > 636/tcp  open   ssl/ldap     (Anonymous bind OK)
>> > 3268/tcp open   ldap         (Anonymous bind OK)
>> > 3269/tcp open   ssl/ldap     (Anonymous bind OK)
>> >
>> > Do closed ports affect replication?
>> >
>>
>> Yes and you need more than those ports, see here:
>>
>> https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage ``
>>
>> Where does pfsense come into this ? From my understanding, pfsense is a
>> firewall/router device and should be between your DCs and the internet
>> and not between your DCs.
>>
>> Rowland
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>
> --
> Elias Pereira
>


-- 
Elias Pereira


More information about the samba mailing list