Rob Campbell
2024-Jan-01 00:47 UTC
[Samba] Unable to join domain when DC firewall is active
I'm unable to join my computer to the domain.

On the domain controller, initially I only had firewall-cmd --permanent --add-service=samba but that didn't work. The computer couldn't join but when I turned off the firewall altogether I was able to join.

I then tried firewall-cmd --permanent --add-service={samba,dns,ldap,ldaps,kerberos,kpasswd} but that didn't work either.

Are there some other services and/or ports I need to open?

I've also tried firewall-cmd --permanent --add-port={137,138,139,445}/tcp and firewall-cmd --permanent --add-port={137,138,139,445}/udp just to see if it would work but it didn't.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.
miguel medalha
2024-Jan-01 02:01 UTC
[Samba] Unable to join domain when DC firewall is active
Maybe reading this Samba Wiki page will help you (a lot):

"The samba service, which provides the AD DC features, requires that the following ports are opened on the DC:"

etc, etc,

Samba AD DC Port Usage
https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
Rob Campbell
2024-Jan-01 02:21 UTC
[Samba] Unable to join domain when DC firewall is active
Thanks. I did read that. Maybe my understanding is wrong. I thought that by adding the samba service, everything that shows as samba would be enabled. 445, 139, etc didn't have samba so I added them with --add-port. Is that not an accurate assumption? Do I need to open each of those ports individually rather than allowing the service?

The only thing I don't see is:

tcp 0 0 10.99.0.1:46322 10.99.0.7:1024 ESTABLISHED 16211/samba

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.
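An added example, not part of the thread: a small shell check that compares a set of opened firewall ports against the inbound ports listed on the Samba AD DC Port Usage wiki page linked above, including port ranges. The sample input is constructed to approximate what the firewall-cmd commands quoted in the thread open; the per-service port expansions are an assumption and the function names are hypothetical.

```bash
# Inbound ports a Samba AD DC needs, as listed on the wiki page linked above.
# 123/udp (NTP) is left out: it only applies when the DC also serves time.
REQUIRED="53/tcp 53/udp 88/tcp 88/udp 135/tcp 137/udp 138/udp 139/tcp
389/tcp 389/udp 445/tcp 464/tcp 464/udp 636/tcp 3268/tcp 3269/tcp
49152-65535/tcp"

# Constructed sample: the services samba, dns, ldap, ldaps, kerberos and
# kpasswd expanded to ports (assumed expansions; verify each one with
# firewall-cmd --info-service=NAME), plus the --add-port entries.
OPENED_IN_THREAD="137/udp 138/udp 139/tcp 445/tcp 53/tcp 53/udp 389/tcp
636/tcp 88/tcp 88/udp 464/tcp 464/udp 137/tcp 138/tcp 139/udp 445/udp"

# covered NEED OPENED...: succeed when NEED (a port or a lo-hi range, with
# /proto) lies entirely inside one opened entry of the same protocol.
covered() {
  need=$1; shift
  proto=${need#*/}; range=${need%/*}
  n_lo=${range%-*}; n_hi=${range#*-}
  for o in "$@"; do
    [ "${o#*/}" = "$proto" ] || continue
    o=${o%/*}; o_lo=${o%-*}; o_hi=${o#*-}
    [ "$o_lo" -le "$n_lo" ] && [ "$o_hi" -ge "$n_hi" ] && return 0
  done
  return 1
}

# missing_ports OPENED...: print the required entries that are still closed.
missing_ports() {
  out=""
  for r in $REQUIRED; do
    covered "$r" "$@" || out="$out $r"
  done
  echo "${out# }"
}

echo "still closed: $(missing_ports $OPENED_IN_THREAD)"
```

On a live DC, build the argument list from `firewall-cmd --list-ports` plus the ports shown by `firewall-cmd --info-service=NAME` for each enabled service. Rules added with `--permanent` only take effect after `firewall-cmd --reload`.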