Gregory Carter
2025-Jan-10 22:07 UTC
[Samba] IPV4 Only Environments Kpasswd5 Port 464 Not Showing when ipv6.disable=1 on Kernel CLI
Well, if I eliminate the ipv6.disable-1 from the kernel command line everything works fine. So I don't think it is a samba config issue per se, unless of course I need something specific for kpasswd5 port 464, but in any case. This AD server is a Fedora 41 box running root at ad:~# uname -ra Linux ad.example.com 6.11.10-300.fc41.x86_64 #1 SMP PREEMPT_DYNAMIC Sat Nov 23 00:51:20 UTC 2024 x86_64 GNU/Linux Here is the join command: realm join --automatic-id-mapping=no ad.example.com Here is the smb.conf file of the ad.example.com server: # Global parameters [global] dns forwarder = 10.10.14.27,10.11.12.10 netbios name = AD realm = EXAMPLE.COM server role = active directory domain controller workgroup = EXAMPLE idmap_ldb:use rfc2307 = yes ldap server require strong auth = no bind interfaces only = yes interfaces = 127.0.0.1 192.168.1.40 [sysvol] path = /var/lib/samba/sysvol read only = No [netlogon] path = /var/lib/samba/sysvol/example.com/scripts read only = No like I said I can join fine if I eliminate the ipv6.disable=1 as the kpasswd5 port appears: However it doesn't appear in the ports list: [root at amanda-gw ~]# nmap ad.example.com Starting Nmap 7.93 ( https://nmap.org ) at 2025-01-10 14:55 MST Nmap scan report for ad.example.com (192.168.1.40) Host is up (0.00025s latency). Not shown: 986 closed tcp ports (reset) PORT STATE SERVICE 22/tcp open ssh 53/tcp open domain 88/tcp open kerberos-sec 135/tcp open msrpc 139/tcp open netbios-ssn 389/tcp open ldap 445/tcp open microsoft-ds 636/tcp open ldapssl 3268/tcp open globalcatLDAP 3269/tcp open globalcatLDAPssl 9090/tcp open zeus-admin 49152/tcp open unknown 49153/tcp open unknown 49154/tcp open unknown MAC Address: 52:54:00:F6:51:45 (QEMU virtual NIC) Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds Obviously port 464 is conspicuously missing with ipv6.disable=1. On Fri, Jan 10, 2025 at 3:21?AM Rowland Penny via samba < samba at lists.samba.org> wrote:> On Fri, 10 Jan 2025 01:55:57 -0700 > Gregory Carter via samba <samba at lists.samba.org> wrote: > > > I noticed that kpasswd5 (port 464) isn't showing up on subnets where > > IPv6 is not allowed. > > > > So I cannot do any joins for these Linux boxes. > > > > Is there a Global switch I can use for samba to just startup and > > listen on IPV4 only? > > > > It seems inconsistent as all the other services don't seem to be > > affected by this switch and appropriately bind to the interface. > > > > How do I get kpasswd5 up on IPV4 only? > > My ISP does not use IPv6, so I regularly turn IPv6 off on my network > and I have no problem joining Linux computers to the domain. > > How are you attempting to join the machines and it will probably help > if you post a sample smb.conf that is used during the join. > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Rowland Penny
2025-Jan-11 08:37 UTC
[Samba] IPV4 Only Environments Kpasswd5 Port 464 Not Showing when ipv6.disable=1 on Kernel CLI
On Fri, 10 Jan 2025 15:07:34 -0700 Gregory Carter <gjcarter2 at gmail.com> wrote:> Well, if I eliminate the ipv6.disable-1 from the kernel command line > everything works fine. So I don't think it is a samba config issue > per se, unless of course I need something specific for kpasswd5 port > 464, but in any case. > > This AD server is a Fedora 41 box runningI take it you are aware that the Fedora Samba packages are classed as experimental because they use MIT kerberos ?> > root at ad:~# uname -ra > Linux ad.example.com 6.11.10-300.fc41.x86_64 #1 SMP PREEMPT_DYNAMIC > Sat Nov 23 00:51:20 UTC 2024 x86_64 GNU/Linux > > Here is the join command: > > realm join --automatic-id-mapping=no ad.example.comNo, that is the freeipa join command, the Samba one is: net ads join -U administrator> > Here is the smb.conf file of the ad.example.com server: > # Global parameters > [global] > dns forwarder = 10.10.14.27,10.11.12.10 > netbios name = AD > realm = EXAMPLE.COM > server role = active directory domain controller > workgroup = EXAMPLE > idmap_ldb:use rfc2307 = yes > ldap server require strong auth = no > bind interfaces only = yes > interfaces = 127.0.0.1 192.168.1.40 > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > [netlogon] > path = /var/lib/samba/sysvol/example.com/scripts > read only = No >That appears to be from a Samba AD DC, if you are trying to join that to Samba AD domain, then it shouldn't exist before the join and you should be using samba-tool to join as a DC.> like I said I can join fine if I eliminate the ipv6.disable=1 as the > kpasswd5 port appears: >Just exactly what are you doing ? Rowland
Seemingly Similar Threads
- IPV4 Only Environments Kpasswd5 Port 464 Not Showing when ipv6.disable=1 on Kernel CLI
- IPV4 Only Environments Kpasswd5 Port 464 Not Showing when ipv6.disable=1 on Kernel CLI
- IPV4 Only Environments Kpasswd5 Port 464 Not Showing when ipv6.disable=1 on Kernel CLI
- IPV4 Only Environments Kpasswd5 Port 464 Not Showing when ipv6.disable=1 on Kernel CLI
- Samba AD not listening on ipv4 - 464/tcp