
Re: [Samba] firewalld services to open for an ADDC




On Tue, 13 Feb 2018 08:05:02 -0700
Jeff Sadowski via samba <samba@xxxxxxxxxxxxxxx> wrote:

> > https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
> 
> Perfect, exactly what I was looking for.
> I found some docs about firewalld that the service files are kept in
> /usr/lib/firewalld/services
> so I did
> [root@dc1 ~]# grep -e 139 -e 88 -e 445 /usr/lib/firewalld/services/*.xml
> /usr/lib/firewalld/services/freeipa-ldaps.xml:  <port protocol="tcp" port="88"/>
> /usr/lib/firewalld/services/freeipa-ldaps.xml:  <port protocol="udp" port="88"/>
> /usr/lib/firewalld/services/freeipa-ldap.xml:  <port protocol="tcp" port="88"/>
> /usr/lib/firewalld/services/freeipa-ldap.xml:  <port protocol="udp" port="88"/>
> /usr/lib/firewalld/services/freeipa-trust.xml:  <port protocol="tcp" port="138-139"/>
> /usr/lib/firewalld/services/freeipa-trust.xml:  <port protocol="udp" port="138-139"/>
> /usr/lib/firewalld/services/freeipa-trust.xml:  <port protocol="tcp" port="445"/>
> /usr/lib/firewalld/services/freeipa-trust.xml:  <port protocol="udp" port="445"/>
> /usr/lib/firewalld/services/kerberos.xml:  <port protocol="tcp" port="88"/>
> /usr/lib/firewalld/services/kerberos.xml:  <port protocol="udp" port="88"/>
> /usr/lib/firewalld/services/samba.xml:  <port protocol="tcp" port="139"/>
> /usr/lib/firewalld/services/samba.xml:  <port protocol="tcp" port="445"/>
> so by adding
> 
> firewall-cmd --add-service=dns --permanent
> firewall-cmd --add-service=samba --permanent
> firewall-cmd --add-service=kerberos --permanent
> firewall-cmd --reload
> 
> I should have all the ports I need.
> Thank you.

Are you sure about that?

Port 53 seems to be missing for one, never mind the global catalogue
port etc.

Rowland
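
One way to check a service list against a required port set before relying on it, as an added example that is not part of the thread and not Samba or firewalld code: it reads the `<port>` elements from firewalld service files, as in the grep output above, and prints the required ports that the chosen services leave closed. The required list is an assumption to verify against the linked wiki page, the function names are hypothetical, and the service files are constructed stand-ins.

```shell
#!/usr/bin/env bash
# Added example: list required proto/port pairs that a set of firewalld services leaves closed.

# Assumption: AD DC port set as recalled from the linked wiki page; verify it there.
AD_DC_REQUIRED="tcp/53 udp/53 tcp/88 udp/88 udp/123 tcp/135 udp/137 udp/138 tcp/139
tcp/389 udp/389 tcp/445 tcp/464 udp/464 tcp/636 tcp/3268 tcp/3269 tcp/49152-65535"

# service_ports DIR SERVICE... : print proto/port (or proto/lo-hi) for each <port> element.
service_ports() {
    local dir="$1" svc; shift
    for svc in "$@"; do
        sed -n -e 's/.*<port protocol="\([a-z]*\)" port="\([0-9-]*\)".*/\1\/\2/p' \
               -e 's/.*<port port="\([0-9-]*\)" protocol="\([a-z]*\)".*/\2\/\1/p' \
               "$dir/$svc.xml"
    done
}

# missing_ports DIR "REQUIRED LIST" SERVICE... : print required entries no service covers.
missing_ports() {
    local dir="$1" required="$2" opened req proto lo hi o olo ohi covered; shift 2
    opened=$(service_ports "$dir" "$@")
    for req in $required; do
        proto=${req%%/*}; lo=${req#*/}; hi=${lo#*-}; lo=${lo%-*}
        covered=no
        for o in $opened; do
            [ "${o%%/*}" = "$proto" ] || continue
            olo=${o#*/}; ohi=${olo#*-}; olo=${olo%-*}
            # Covered when the opened port or range contains the whole required range.
            if [ "$olo" -le "$lo" ] && [ "$hi" -le "$ohi" ]; then covered=yes; break; fi
        done
        [ "$covered" = yes ] || printf '%s\n' "$req"
    done
}

# Constructed stand-ins holding only <port> lines; on a real host use /usr/lib/firewalld/services.
make_sample_services() {
    local d="$1"
    printf '  <port protocol="tcp" port="53"/>\n  <port protocol="udp" port="53"/>\n' > "$d/dns.xml"
    printf '  <port protocol="tcp" port="88"/>\n  <port protocol="udp" port="88"/>\n' > "$d/kerberos.xml"
    printf '  <port protocol="udp" port="137"/>\n  <port protocol="udp" port="138"/>\n' > "$d/samba.xml"
    printf '  <port protocol="tcp" port="139"/>\n  <port protocol="tcp" port="445"/>\n' >> "$d/samba.xml"
}

demo_dir=$(mktemp -d)
make_sample_services "$demo_dir"
missing_ports "$demo_dir" "$AD_DC_REQUIRED" dns samba kerberos
rm -rf "$demo_dir"
```

Every line printed is a port that would still need its own `--add-service` or `--add-port` entry.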
