Ports

• 139/445: SMB (3)
• 135: Epm (4)
• 88: Kerberos (4)
• 389/3268: LDAP / GC (4)
• 399 UDP: CLDAP (4)
• 137/42: WINS (4)

Pipes

• samr (4)
• lsa (4)
• netlogon (4)
• spoolss (3)
• epm (4)
• drsuapi (4)
• winreg (3?)

Browsing: TCP138 mailslots, RAP SMB browsing (3?)

DNS TSIG server-side NTP authenticated

Todo

• Authentication done by S4
  • NTLM by \\netlogon. S3 smbd talking to local S4
  • Kerberos: maybe s4 needs to fill s3's secrets.tdb
• Named pipes over SMB
  • Forward 1p to unix domain socket
    • need to suplly auth_server_supplied_info before any client data
• S4 netlogon needs to talk to S3 winbind
  • S3 Winbind needs to get the trust account pw from S4