Samba AD DC Port Usage
Revision as of 17:10, 25 August 2015
Introduction
If you want to secure your Samba installation with a firewall, you need to know which ports and protocols are used. This page gives you an overview.
Identify on which ports and interfaces Samba is listening
You can use "netstat" to identify which ports Samba and related daemons are listening on and on which IPs:
# netstat -tulpn | egrep "samba|smbd|nmbd|winbind"
The following is a snippet of an example output:
tcp        0      0 127.0.0.1:139           0.0.0.0:*               LISTEN      43270/smbd
tcp        0      0 10.0.0.1:139            0.0.0.0:*               LISTEN      43270/smbd
tcp        0      0 10.0.0.1:88             0.0.0.0:*               LISTEN      43273/samba
tcp        0      0 127.0.0.1:88            0.0.0.0:*               LISTEN      43273/samba
tcp        0      0 127.0.0.1:445           0.0.0.0:*               LISTEN      43270/smbd
tcp        0      0 10.0.0.1:445            0.0.0.0:*               LISTEN      43270/smbd
.....
The above example shows that the services are listening on localhost (127.0.0.1) and on the interface with IP 10.0.0.1, each on the listed ports (139, 88, 445, ...).
Port usage when Samba runs as an Active Directory Domain Controller
Service | Port | Protocol |
---|---|---|
DNS | 53 | tcp/udp |
Kerberos | 88 | tcp/udp |
End Point Mapper (DCE/RPC Locator Service) | 135 | tcp |
NetBIOS Name Service | 137 | udp |
NetBIOS Datagram | 138 | udp |
NetBIOS Session | 139 | tcp |
LDAP | 389 | tcp/udp |
SMB over TCP | 445 | tcp |
Kerberos kpasswd | 464 | tcp/udp |
LDAPS (only if "tls enabled = yes") | 636 | tcp |
Dynamic RPC Ports* | 1024-5000 | tcp |
Global Catalog | 3268 | tcp |
Global Catalog SSL (only if "tls enabled = yes") | 3269 | tcp |
Multicast DNS | 5353 | tcp/udp |
* Samba, like Windows, supports dynamic RPC services. The range starts at 1024; if a port is already occupied for some reason, the next free port above it is used (Samba literally walks up from 1024).
Remember that there can be other ports related to your Samba installation that are not provided by Samba itself, for example if you also run an NTP server for time synchronisation.
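As an added example (not part of the Samba wiki page), the following POSIX shell script turns the table above into a check: it reduces `netstat -tulpn` output to unique protocol/port/process triples and reports any Samba daemon listening on a port the table does not document. The netstat text it works on is a constructed sample in the shape of the output shown above; in practice you would pipe the real command into `unexpected_samba_listeners`.

```shell
#!/bin/sh
# Constructed sample of `netstat -tulpn` output (not a real capture); the
# 8080 line is deliberately outside the documented AD DC port table.
SAMPLE_NETSTAT='tcp        0      0 127.0.0.1:139           0.0.0.0:*               LISTEN      43270/smbd
tcp        0      0 10.0.0.1:139            0.0.0.0:*               LISTEN      43270/smbd
tcp        0      0 10.0.0.1:88             0.0.0.0:*               LISTEN      43273/samba
tcp        0      0 127.0.0.1:88            0.0.0.0:*               LISTEN      43273/samba
tcp        0      0 10.0.0.1:445            0.0.0.0:*               LISTEN      43270/smbd
tcp        0      0 10.0.0.1:1024           0.0.0.0:*               LISTEN      43273/samba
tcp        0      0 10.0.0.1:8080           0.0.0.0:*               LISTEN      43273/samba
udp        0      0 10.0.0.1:53             0.0.0.0:*                           43275/samba'

# Returns 0 if PORT is one of the fixed AD DC ports from the table or lies in
# the dynamic RPC range 1024-5000, 1 otherwise.
is_expected_port() {
    case "$1" in
        53|88|135|137|138|139|389|445|464|636|3268|3269|5353) return 0 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 5000 ]
}

# Reads netstat -tulpn text on stdin and prints unique "proto port process"
# triples, ignoring which IP address each socket is bound to.
listening_summary() {
    awk '$1 ~ /^(tcp|udp)/ {
        n = split($4, a, ":"); port = a[n];   # port is the last ":"-separated field
        proc = $NF; sub(/^[0-9]+\//, "", proc); # strip the "PID/" prefix
        print $1, port, proc
    }' | sort -u
}

# Reads netstat text on stdin and prints Samba-related listeners whose port is
# not covered by the table (one "proto port process" line each).
unexpected_samba_listeners() {
    listening_summary | while read -r proto port proc; do
        case "$proc" in
            samba|smbd|nmbd|winbindd) ;;
            *) continue ;;
        esac
        is_expected_port "$port" || echo "$proto $port $proc"
    done
}

# Stand-alone run against the constructed sample; expected output: tcp 8080 samba
printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_samba_listeners
```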