Gregory Carter
2025-Jan-10 22:07 UTC
[Samba] IPV4 Only Environments Kpasswd5 Port 464 Not Showing when ipv6.disable=1 on Kernel CLI
Well, if I eliminate the ipv6.disable-1 from the kernel command line
everything works fine. So I don't think it is a samba config issue per se,
unless of course I need something specific for kpasswd5 port 464, but in
any case.
This AD server is a Fedora 41 box running
root at ad:~# uname -ra
Linux ad.example.com 6.11.10-300.fc41.x86_64 #1 SMP PREEMPT_DYNAMIC Sat Nov
23 00:51:20 UTC 2024 x86_64 GNU/Linux
Here is the join command:
realm join --automatic-id-mapping=no ad.example.com
Here is the smb.conf file of the ad.example.com server:
# Global parameters
[global]
dns forwarder = 10.10.14.27,10.11.12.10
netbios name = AD
realm = EXAMPLE.COM
server role = active directory domain controller
workgroup = EXAMPLE
idmap_ldb:use rfc2307 = yes
ldap server require strong auth = no
bind interfaces only = yes
interfaces = 127.0.0.1 192.168.1.40
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/example.com/scripts
read only = No
like I said I can join fine if I eliminate the ipv6.disable=1 as the
kpasswd5 port appears:
However it doesn't appear in the ports list:
[root at amanda-gw ~]# nmap ad.example.com
Starting Nmap 7.93 ( https://nmap.org ) at 2025-01-10 14:55 MST
Nmap scan report for ad.example.com (192.168.1.40)
Host is up (0.00025s latency).
Not shown: 986 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
88/tcp open kerberos-sec
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
636/tcp open ldapssl
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
9090/tcp open zeus-admin
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
MAC Address: 52:54:00:F6:51:45 (QEMU virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds
Obviously port 464 is conspicuously missing with ipv6.disable=1.
On Fri, Jan 10, 2025 at 3:21?AM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Fri, 10 Jan 2025 01:55:57 -0700
> Gregory Carter via samba <samba at lists.samba.org> wrote:
>
> > I noticed that kpasswd5 (port 464) isn't showing up on subnets
where
> > IPv6 is not allowed.
> >
> > So I cannot do any joins for these Linux boxes.
> >
> > Is there a Global switch I can use for samba to just startup and
> > listen on IPV4 only?
> >
> > It seems inconsistent as all the other services don't seem to be
> > affected by this switch and appropriately bind to the interface.
> >
> > How do I get kpasswd5 up on IPV4 only?
>
> My ISP does not use IPv6, so I regularly turn IPv6 off on my network
> and I have no problem joining Linux computers to the domain.
>
> How are you attempting to join the machines and it will probably help
> if you post a sample smb.conf that is used during the join.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
Rowland Penny
2025-Jan-11 08:37 UTC
[Samba] IPV4 Only Environments Kpasswd5 Port 464 Not Showing when ipv6.disable=1 on Kernel CLI
On Fri, 10 Jan 2025 15:07:34 -0700 Gregory Carter <gjcarter2 at gmail.com> wrote:> Well, if I eliminate the ipv6.disable-1 from the kernel command line > everything works fine. So I don't think it is a samba config issue > per se, unless of course I need something specific for kpasswd5 port > 464, but in any case. > > This AD server is a Fedora 41 box runningI take it you are aware that the Fedora Samba packages are classed as experimental because they use MIT kerberos ?> > root at ad:~# uname -ra > Linux ad.example.com 6.11.10-300.fc41.x86_64 #1 SMP PREEMPT_DYNAMIC > Sat Nov 23 00:51:20 UTC 2024 x86_64 GNU/Linux > > Here is the join command: > > realm join --automatic-id-mapping=no ad.example.comNo, that is the freeipa join command, the Samba one is: net ads join -U administrator> > Here is the smb.conf file of the ad.example.com server: > # Global parameters > [global] > dns forwarder = 10.10.14.27,10.11.12.10 > netbios name = AD > realm = EXAMPLE.COM > server role = active directory domain controller > workgroup = EXAMPLE > idmap_ldb:use rfc2307 = yes > ldap server require strong auth = no > bind interfaces only = yes > interfaces = 127.0.0.1 192.168.1.40 > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > [netlogon] > path = /var/lib/samba/sysvol/example.com/scripts > read only = No >That appears to be from a Samba AD DC, if you are trying to join that to Samba AD domain, then it shouldn't exist before the join and you should be using samba-tool to join as a DC.> like I said I can join fine if I eliminate the ipv6.disable=1 as the > kpasswd5 port appears: >Just exactly what are you doing ? Rowland
Possibly Parallel Threads
- IPV4 Only Environments Kpasswd5 Port 464 Not Showing when ipv6.disable=1 on Kernel CLI
- IPV4 Only Environments Kpasswd5 Port 464 Not Showing when ipv6.disable=1 on Kernel CLI
- IPV4 Only Environments Kpasswd5 Port 464 Not Showing when ipv6.disable=1 on Kernel CLI
- IPV4 Only Environments Kpasswd5 Port 464 Not Showing when ipv6.disable=1 on Kernel CLI
- Samba AD not listening on ipv4 - 464/tcp