
Re: [Samba] firewalld services to open for an ADDC




On Mon, Feb 12, 2018 at 11:50 PM, Marc Muehlfeld <mmuehlfeld@xxxxxxxxx> wrote:
> Hi Jeff,
>
> On 13.02.2018 at 05:16, Jeff Sadowski via samba wrote:
>> So my question is what services or ports am I missing to open?
>
> AD DCs:
> https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage

Perfect, exactly what I was looking for.
I found some docs about firewalld saying that the service files are kept in
/usr/lib/firewalld/services,
so I did:
[root@dc1 ~]# grep -e 139 -e 88 -e 445 /usr/lib/firewalld/services/*.xml
/usr/lib/firewalld/services/freeipa-ldaps.xml:  <port protocol="tcp" port="88"/>
/usr/lib/firewalld/services/freeipa-ldaps.xml:  <port protocol="udp" port="88"/>
/usr/lib/firewalld/services/freeipa-ldap.xml:  <port protocol="tcp" port="88"/>
/usr/lib/firewalld/services/freeipa-ldap.xml:  <port protocol="udp" port="88"/>
/usr/lib/firewalld/services/freeipa-trust.xml:  <port protocol="tcp" port="138-139"/>
/usr/lib/firewalld/services/freeipa-trust.xml:  <port protocol="udp" port="138-139"/>
/usr/lib/firewalld/services/freeipa-trust.xml:  <port protocol="tcp" port="445"/>
/usr/lib/firewalld/services/freeipa-trust.xml:  <port protocol="udp" port="445"/>
/usr/lib/firewalld/services/kerberos.xml:  <port protocol="tcp" port="88"/>
/usr/lib/firewalld/services/kerberos.xml:  <port protocol="udp" port="88"/>
/usr/lib/firewalld/services/samba.xml:  <port protocol="tcp" port="139"/>
/usr/lib/firewalld/services/samba.xml:  <port protocol="tcp" port="445"/>
So by adding

firewall-cmd --add-service=dns --permanent
firewall-cmd --add-service=samba --permanent
firewall-cmd --add-service=kerberos --permanent
firewall-cmd --reload

I should have all the ports I need.
Thank you.

>
> Domain members:
> https://wiki.samba.org/index.php/Samba_Domain_Member_Port_Usage
>
>
> Regards,
> Marc

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
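
One way to check a set of firewalld services against the AD DC port list on the wiki page linked in the thread, as an added example that is not part of the original messages. The service XML strings are constructed stand-ins for the files under /usr/lib/firewalld/services, and the REQUIRED table is an assumption based on that wiki page, so verify both against the real host and the current page.

```python
import xml.etree.ElementTree as ET

# Constructed stand-ins for /usr/lib/firewalld/services/{dns,kerberos,samba}.xml.
SAMPLE_SERVICES = {
    "dns": '<service><port protocol="tcp" port="53"/><port protocol="udp" port="53"/></service>',
    "kerberos": '<service><port protocol="tcp" port="88"/><port protocol="udp" port="88"/></service>',
    "samba": '<service><port protocol="udp" port="137"/><port protocol="udp" port="138"/>'
             '<port protocol="tcp" port="139"/><port protocol="tcp" port="445"/></service>',
}

# Assumed Samba AD DC requirements (name, protocol, port or range); check the wiki.
REQUIRED = [
    ("DNS", "tcp", "53"), ("DNS", "udp", "53"),
    ("Kerberos", "tcp", "88"), ("Kerberos", "udp", "88"),
    ("NTP", "udp", "123"), ("RPC endpoint mapper", "tcp", "135"),
    ("NetBIOS name", "udp", "137"), ("NetBIOS datagram", "udp", "138"),
    ("NetBIOS session", "tcp", "139"), ("SMB", "tcp", "445"),
    ("LDAP", "tcp", "389"), ("LDAP", "udp", "389"),
    ("kpasswd", "tcp", "464"), ("kpasswd", "udp", "464"),
    ("LDAPS", "tcp", "636"), ("Global catalog", "tcp", "3268"),
    ("Global catalog SSL", "tcp", "3269"), ("Dynamic RPC", "tcp", "49152-65535"),
]

def parse_range(spec):
    """Turn '445' or '138-139' into an inclusive (low, high) pair."""
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def opened_ranges(service_xml_texts):
    """Collect (protocol, low, high) for every <port> element in the given services."""
    ranges = set()
    for text in service_xml_texts:
        for port in ET.fromstring(text).iter("port"):
            if port.get("port"):  # skip protocol-only entries with an empty port
                ranges.add((port.get("protocol"), *parse_range(port.get("port"))))
    return ranges

def missing(required, ranges):
    """Return required entries not fully covered by a single opened range."""
    out = []
    for name, proto, spec in required:
        lo, hi = parse_range(spec)
        if not any(p == proto and a <= lo and hi <= b for p, a, b in ranges):
            out.append((name, proto, spec))
    return out

if __name__ == "__main__":
    for name, proto, spec in missing(REQUIRED, opened_ranges(SAMPLE_SERVICES.values())):
        print(f"not opened: {spec}/{proto} ({name})")
```

On a real host, pass the contents of the service files actually enabled in the zone instead of SAMPLE_SERVICES.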