Samba AD DC Port Usage: Difference between revisions

From SambaWiki
(Rewrote "Samba AD DC Port Usage")
m (Added tags)
Revision as of 20:48, 9 October 2016

Identifying Listening Ports and Interfaces

To identify ports and network interfaces your Samba Active Directory (AD) Domain Controller (DC) is listening on, run:

# netstat -tulpn | egrep "samba|smbd|nmbd|winbind"
tcp        0      0 127.0.0.1:139               0.0.0.0:*                   LISTEN      43270/smbd          
tcp        0      0 10.99.0.1:139               0.0.0.0:*                   LISTEN      43270/smbd          
tcp        0      0 10.99.0.1:88                0.0.0.0:*                   LISTEN      43273/samba         
tcp        0      0 127.0.0.1:88                0.0.0.0:*                   LISTEN      43273/samba         
tcp        0      0 127.0.0.1:445               0.0.0.0:*                   LISTEN      43270/smbd          
tcp        0      0 10.99.0.1:445               0.0.0.0:*                   LISTEN      43270/smbd          
...

The output shows that the services are listening on localhost (127.0.0.1) and on the network interface with the IP address 10.99.0.1. On both interfaces, the ports 139/tcp, 88/tcp, and 445/tcp are open. For further information on the output, see the netstat (8) manual page.

To bind Samba to specific interfaces, see Configure Samba to Bind to Specific Interfaces.



Samba AD DC Port Usage

Service                                      Port        Protocol
DNS *                                        53          tcp/udp
Kerberos                                     88          tcp/udp
End Point Mapper (DCE/RPC Locator Service)   135         tcp
NetBIOS Name Service                         137         udp
NetBIOS Datagram                             138         udp
NetBIOS Session                              139         tcp
LDAP                                         389         tcp/udp
SMB over TCP                                 445         tcp
Kerberos kpasswd                             464         tcp/udp
LDAPS **                                     636         tcp
Dynamic RPC Ports ***                        1024-5000   tcp
Global Catalog                               3268        tcp
Global Catalog SSL **                        3269        tcp

* On Samba AD DCs running the Samba internal DNS server.

** If tls enabled = yes (default) is set in your smb.conf file.

*** Dynamically opened for remote procedure call (RPC) services, starting with port 1024. If a port is already in use, the next higher port is used.

Note that other Active Directory (AD) related services that are not provided by Samba, such as ntpd, can open ports on a Domain Controller (DC) as well.
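
The following script is an added example, not part of the original wiki page or of Samba. It classifies each socket in netstat -tulpn output against the port table above and marks listeners bound to all interfaces. The function names, status labels and sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Port/protocol pairs copied from the table on this page; the dynamic RPC
# range (1024-5000/tcp) is handled as a range below.
DOCUMENTED="53/tcp 53/udp 88/tcp 88/udp 135/tcp 137/udp 138/udp 139/tcp \
389/tcp 389/udp 445/tcp 464/tcp 464/udp 636/tcp 3268/tcp 3269/tcp"

# Reads `netstat -tulpn` output on stdin and prints one line per Samba socket:
#   STATUS proto address port pid/program [WILDCARD]
# Returns 1 if any listener is outside the documented ports.
audit_listeners() {
    awk -v documented="$DOCUMENTED" '
    BEGIN { n = split(documented, d, " "); for (i = 1; i <= n; i++) ok[d[i]] = 1 }
    $1 ~ /^(tcp|udp)/ && /samba|smbd|nmbd|winbind/ {
        proto = substr($1, 1, 3)                         # tcp6/udp6 -> tcp/udp
        port = $4; sub(/.*:/, "", port); port += 0       # numeric port after last colon
        host = $4; sub(/:[0-9]+$/, "", host)             # address without the port
        prog = "-"
        for (i = 6; i <= NF; i++) if ($i ~ /^[0-9]+\//) { prog = $i; break }
        if ((port "/" proto) in ok)                              status = "DOCUMENTED"
        else if (proto == "tcp" && port >= 1024 && port <= 5000) status = "RPC-DYNAMIC"
        else { status = "UNEXPECTED"; bad = 1 }
        # 0.0.0.0 and :: mean every interface, not a specific binding
        wild = (host == "0.0.0.0" || host == "::") ? " WILDCARD" : ""
        print status, proto, host, port, prog wild
    }
    END { exit bad + 0 }'
}

# Constructed sample: the first three lines follow the output shown on this
# page, the last three are made up for this example.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 127.0.0.1:139     0.0.0.0:*     LISTEN      43270/smbd
tcp        0      0 10.99.0.1:88      0.0.0.0:*     LISTEN      43273/samba
tcp        0      0 10.99.0.1:445     0.0.0.0:*     LISTEN      43270/smbd
udp        0      0 0.0.0.0:137       0.0.0.0:*                 43271/nmbd
tcp        0      0 10.99.0.1:1024    0.0.0.0:*     LISTEN      43273/samba
tcp6       0      0 :::6000           :::*          LISTEN      43273/samba
EOF
}

sample_netstat | audit_listeners || echo "unexpected Samba listener found"
```

On a DC, pipe the real output in with netstat -tulpn | audit_listeners; netstat needs root to fill in the PID/program column.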