thr3ads.net - samba - [Samba] firewalld services to open for an ADDC [Feb 2018]

If this information is useful, please help other people find it:
Share via:

Jeff Sadowski

2018-Feb-13 04:16 UTC

[Samba] firewalld services to open for an ADDC

I tried the following

firewall-cmd --add-service=dns --permanent
firewall-cmd --add-service=samba --permanent
firewall-cmd --reload

But was not able to connect until I disabled the iptables via
iptables -P INPUT ACCEPT
iptables -F

then I was able to connect my windows 10 pro to my domain.

So my question is what services or ports am I missing to open?

Marc Muehlfeld

2018-Feb-13 06:50 UTC

head link

[Samba] firewalld services to open for an ADDC

Hi Jeff,

Am 13.02.2018 um 05:16 schrieb Jeff Sadowski via samba:> So my question is what services or ports am I missing to open?
AD DCs:
https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage

Domain members:
https://wiki.samba.org/index.php/Samba_Domain_Member_Port_Usage


Regards,
Marc

Jeff Sadowski

2018-Feb-13 15:05 UTC

head link

[Samba] firewalld services to open for an ADDC

On Mon, Feb 12, 2018 at 11:50 PM, Marc Muehlfeld <mmuehlfeld at samba.org>
wrote:> Hi Jeff,
>
> Am 13.02.2018 um 05:16 schrieb Jeff Sadowski via samba:
>> So my question is what services or ports am I missing to open?
>
> AD DCs:
> https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
perfect exactly what I was looking for
I found some docs about firewalld that the service files are kept in
/usr/lib/firewalld/services
so I did
[root at dc1 ~]# grep -e 139 -e 88 -e 445 /usr/lib/firewalld/services/*.xml
/usr/lib/firewalld/services/freeipa-ldaps.xml:  <port
protocol="tcp" port="88"/>
/usr/lib/firewalld/services/freeipa-ldaps.xml:  <port
protocol="udp" port="88"/>
/usr/lib/firewalld/services/freeipa-ldap.xml:  <port protocol="tcp"
port="88"/>
/usr/lib/firewalld/services/freeipa-ldap.xml:  <port protocol="udp"
port="88"/>
/usr/lib/firewalld/services/freeipa-trust.xml:  <port
protocol="tcp"
port="138-139"/>
/usr/lib/firewalld/services/freeipa-trust.xml:  <port
protocol="udp"
port="138-139"/>
/usr/lib/firewalld/services/freeipa-trust.xml:  <port
protocol="tcp"
port="445"/>
/usr/lib/firewalld/services/freeipa-trust.xml:  <port
protocol="udp"
port="445"/>
/usr/lib/firewalld/services/kerberos.xml:  <port protocol="tcp"
port="88"/>
/usr/lib/firewalld/services/kerberos.xml:  <port protocol="udp"
port="88"/>
/usr/lib/firewalld/services/samba.xml:  <port protocol="tcp"
port="139"/>
/usr/lib/firewalld/services/samba.xml:  <port protocol="tcp"
port="445"/>
so by adding

firewall-cmd --add-service=dns --permanent
firewall-cmd --add-service=samba --permanent
firewall-cmd --add-service=kerberos --permanent
firewall-cmd --reload

I should have all the ports I need.
Thank you.
>
> Domain members:
> https://wiki.samba.org/index.php/Samba_Domain_Member_Port_Usage
>
>
> Regards,
> Marc

L.P.H. van Belle

2018-Feb-13 15:30 UTC

head link

[Samba] firewalld services to open for an ADDC

Hai, 

If you use that or the AD, then its incomplete, imo. 
Your missing ldaps (636) and the GC (ssl) 3268/3269) ports and maybe NTP
(123/tcp) if installed.
Maybe you dont need them, just an observation. 


Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Jeff 
> Sadowski via samba
> Verzonden: dinsdag 13 februari 2018 16:05
> Aan: Marc Muehlfeld
> CC: Ing. Luis Felipe Domíngu.
> Onderwerp: Re: [Samba] firewalld services to open for an ADDC
> 
> On Mon, Feb 12, 2018 at 11:50 PM, Marc Muehlfeld 
> <mmuehlfeld at samba.org> wrote:
> > Hi Jeff,
> >
> > Am 13.02.2018 um 05:16 schrieb Jeff Sadowski via samba:
> >> So my question is what services or ports am I missing to open?
> >
> > AD DCs:
> > https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
> 
> perfect exactly what I was looking for
> I found some docs about firewalld that the service files are kept in
> /usr/lib/firewalld/services
> so I did
> [root at dc1 ~]# grep -e 139 -e 88 -e 445 
> /usr/lib/firewalld/services/*.xml
> /usr/lib/firewalld/services/freeipa-ldaps.xml:  <port 
> protocol="tcp" port="88"/>
> /usr/lib/firewalld/services/freeipa-ldaps.xml:  <port 
> protocol="udp" port="88"/>
> /usr/lib/firewalld/services/freeipa-ldap.xml:  <port 
> protocol="tcp" port="88"/>
> /usr/lib/firewalld/services/freeipa-ldap.xml:  <port 
> protocol="udp" port="88"/>
> /usr/lib/firewalld/services/freeipa-trust.xml:  <port
protocol="tcp"
> port="138-139"/>
> /usr/lib/firewalld/services/freeipa-trust.xml:  <port
protocol="udp"
> port="138-139"/>
> /usr/lib/firewalld/services/freeipa-trust.xml:  <port
protocol="tcp"
> port="445"/>
> /usr/lib/firewalld/services/freeipa-trust.xml:  <port
protocol="udp"
> port="445"/>
> /usr/lib/firewalld/services/kerberos.xml:  <port 
> protocol="tcp" port="88"/>
> /usr/lib/firewalld/services/kerberos.xml:  <port 
> protocol="udp" port="88"/>
> /usr/lib/firewalld/services/samba.xml:  <port protocol="tcp" 
> port="139"/>
> /usr/lib/firewalld/services/samba.xml:  <port protocol="tcp" 
> port="445"/>
> so by adding
> 
> firewall-cmd --add-service=dns --permanent
> firewall-cmd --add-service=samba --permanent
> firewall-cmd --add-service=kerberos --permanent
> firewall-cmd --reload
> 
> I should have all the ports I need.
> Thank you.
> 
> >
> > Domain members:
> > https://wiki.samba.org/index.php/Samba_Domain_Member_Port_Usage
> >
> >
> > Regards,
> > Marc
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

Reasonably Related Threads

Search for more seemingly similar threads

samba - Feb 2018 - firewalld services to open for an ADDC

[Samba] firewalld services to open for an ADDC

[Samba] firewalld services to open for an ADDC

[Samba] firewalld services to open for an ADDC

[Samba] firewalld services to open for an ADDC

Reasonably Related Threads