samba - Apr 2020 - How to force Winbind to use port 445 to talk to Windows Active Directory

I will but changing that would block samba from listening for connections on
port 139. However, in my case I don't see any incoming traffic on port 139
rather the winbind daemon on my samba server tries to connect to the Active
Directory Domain Controller on port 139.


     On Monday, April 6, 2020, 03:55:56 PM PDT, miguel medalha via samba
<samba at lists.samba.org> wrote:
 
 In the [global] section of smb.conf try:

smb ports = 445

The default is:

smb ports = smb ports = 445 139



-- 
To unsubscribe from this list go to the following URL and read the
instructions:? https://lists.samba.org/mailman/options/samba

All Samba binaries have a --option parameter, so you could just add to
your winbindd startup script/unit '--option=smb ports=445'.

This would only change winbindd, and not smbd or other client tools.

Andrew Bartlett

On Tue, 2020-04-07 at 21:24 +0000, Raees Khan via samba
wrote:
>  
> 
> I will but changing that would block samba from listening for
> connections on port 139. However, in my case I don't see any incoming
> traffic on port 139 rather the winbind daemon on my samba server
> tries to connect to the Active Directory Domain Controller on port
> 139.
> 
> 
>      On Monday, April 6, 2020, 03:55:56 PM PDT, miguel medalha via
> samba <samba at lists.samba.org> wrote:  
>  
>  In the [global] section of smb.conf try:
> 
> smb ports = 445
> 
> The default is:
> 
> smb ports = smb ports = 445 139
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>   
-- 
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          
https://catalyst.net.nz/services/samba

Hi Andrew,
I added '--option=smb ports=445' to the unit file but the problem is
still reproducible. In face, I added 'smb ports = 445' in the global
section of smb.conf but I still see winbind making connection to AD DC on port
139.
Following is the log extracted output of `winbind -i -d 3`.
connection_ok: Connection to dc.domain.com for domain XXX is not
connectedConnecting to xxx.xx.xx.xx at port 445Connecting to xxx.xx.xx.xx at
port 139

 

    On Tuesday, April 7, 2020, 03:01:50 PM PDT, Andrew Bartlett via samba
<samba at lists.samba.org> wrote:
 
 All Samba binaries have a --option parameter, so you could just add to
your winbindd startup script/unit '--option=smb ports=445'.

This would only change winbindd, and not smbd or other client tools.

Andrew Bartlett

On Tue, 2020-04-07 at 21:24 +0000, Raees Khan via samba
wrote:
>? 
> 
> I will but changing that would block samba from listening for
> connections on port 139. However, in my case I don't see any incoming
> traffic on port 139 rather the winbind daemon on my samba server
> tries to connect to the Active Directory Domain Controller on port
> 139.
> 
> 
>? ? ? On Monday, April 6, 2020, 03:55:56 PM PDT, miguel medalha via
> samba <samba at lists.samba.org> wrote:? 
>? 
>? In the [global] section of smb.conf try:
> 
> smb ports = 445
> 
> The default is:
> 
> smb ports = smb ports = 445 139
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:? https://lists.samba.org/mailman/options/samba
>? 
-- 
Andrew Bartlett? ? ? ? ? ? ? ? ? ? ? https://samba.org/~abartlet/
Authentication Developer, Samba Team? https://samba.org
Samba Developer, Catalyst IT? ? ? ? ? 
https://catalyst.net.nz/services/samba




-- 
To unsubscribe from this list go to the following URL and read the
instructions:? https://lists.samba.org/mailman/options/samba