samba - Jan 2025 - IPV4 Only Environments Kpasswd5 Port 464 Not Showing when ipv6.disable=1 on Kernel CLI

On Fri, 10 Jan 2025 01:55:57 -0700
Gregory Carter via samba <samba at lists.samba.org> wrote:
> I noticed that kpasswd5 (port 464) isn't showing up on subnets where
> IPv6 is not allowed.
> 
> So I cannot do any joins for these Linux boxes.
> 
> Is there a Global switch I can use for samba to just startup and
> listen on IPV4 only?
> 
> It seems inconsistent as all the other services don't seem to be
> affected by this switch and appropriately bind to the interface.
> 
> How do I get kpasswd5 up on IPV4 only?
My ISP does not use IPv6, so I regularly turn IPv6 off on my network
and I have no problem joining Linux computers to the domain. 

How are you attempting to join the machines and it will probably help
if you post a sample smb.conf that is used during the join.

Rowland

Well, if I eliminate the ipv6.disable-1 from the kernel command line
everything works fine.  So I don't think it is a samba config issue per se,
unless of course I need something specific for kpasswd5 port 464, but in
any case.

This AD server is a Fedora 41 box running

root at ad:~# uname -ra
Linux ad.example.com 6.11.10-300.fc41.x86_64 #1 SMP PREEMPT_DYNAMIC Sat Nov
23 00:51:20 UTC 2024 x86_64 GNU/Linux

Here is the join command:

realm join --automatic-id-mapping=no ad.example.com

Here is the smb.conf file of the ad.example.com server:
# Global parameters
[global]
        dns forwarder = 10.10.14.27,10.11.12.10
        netbios name = AD
        realm = EXAMPLE.COM
        server role = active directory domain controller
        workgroup = EXAMPLE
        idmap_ldb:use rfc2307 = yes
        ldap server require strong auth = no
        bind interfaces only = yes
        interfaces = 127.0.0.1 192.168.1.40

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[netlogon]
        path = /var/lib/samba/sysvol/example.com/scripts
        read only = No

like I said I can join fine if I eliminate the ipv6.disable=1 as the
kpasswd5 port appears:

However it doesn't appear in the ports list:

[root at amanda-gw ~]# nmap ad.example.com
Starting Nmap 7.93 ( https://nmap.org ) at 2025-01-10 14:55 MST
Nmap scan report for ad.example.com (192.168.1.40)
Host is up (0.00025s latency).
Not shown: 986 closed tcp ports (reset)
PORT      STATE SERVICE
22/tcp    open  ssh
53/tcp    open  domain
88/tcp    open  kerberos-sec
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
389/tcp   open  ldap
445/tcp   open  microsoft-ds
636/tcp   open  ldapssl
3268/tcp  open  globalcatLDAP
3269/tcp  open  globalcatLDAPssl
9090/tcp  open  zeus-admin
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
MAC Address: 52:54:00:F6:51:45 (QEMU virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds

Obviously port 464 is conspicuously missing with ipv6.disable=1.

On Fri, Jan 10, 2025 at 3:21?AM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Fri, 10 Jan 2025 01:55:57 -0700
> Gregory Carter via samba <samba at lists.samba.org> wrote:
>
> > I noticed that kpasswd5 (port 464) isn't showing up on subnets
where
> > IPv6 is not allowed.
> >
> > So I cannot do any joins for these Linux boxes.
> >
> > Is there a Global switch I can use for samba to just startup and
> > listen on IPV4 only?
> >
> > It seems inconsistent as all the other services don't seem to be
> > affected by this switch and appropriately bind to the interface.
> >
> > How do I get kpasswd5 up on IPV4 only?
>
> My ISP does not use IPv6, so I regularly turn IPv6 off on my network
> and I have no problem joining Linux computers to the domain.
>
> How are you attempting to join the machines and it will probably help
> if you post a sample smb.conf that is used during the join.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>