Samba AD DC Port Usage: Difference between revisions
Mmuehlfeld (talk | contribs) m (Fixed typos) |
Mmuehlfeld (talk | contribs) (Added information about "rpc server port" to define individual ports for RPC services.) |
||
Line 83: | Line 83: | ||
<nowiki>**</nowiki> If <code>tls enabled = yes</code> (default) is set in your <code>smb.conf</code> file. |
<nowiki>**</nowiki> If <code>tls enabled = yes</code> (default) is set in your <code>smb.conf</code> file. |
||
<nowiki>***</nowiki> Dynamically opened for remote procedure call (RPC) services starting with 1024. If a port is already in use, the next higher is used. |
<nowiki>***</nowiki> Dynamically opened for remote procedure call (RPC) services starting with 1024. If a port is already in use, the next higher is used. Using Samba 4.6 or later, you can optionally set individual ports for all RPC servers. For further details, see the <code>rpc server port</code> parameter description in the <code>smb.conf(5)</code> man page. |
||
Note that other Active Directory (AD) related services that are not provided by Samba, such as <code>ntpd</code>, can open ports on a Domain Controller (DC) as well. |
Note that other Active Directory (AD) related services that are not provided by Samba, such as <code>ntpd</code>, can open ports on a Domain Controller (DC) as well. |
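Review bot: The sentence added to the *** footnote says individual ports can be set "for all RPC servers", but it does not say what then happens to the behaviour described in the sentence just before it (ports opened from 1024 upward, next higher if one is in use). Suggest stating whether a configured `rpc server port` replaces that dynamic allocation, so that a reader writing firewall rules from this page knows which ports to expect.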
Revision as of 14:06, 26 February 2017
Identifying Listening Ports and Interfaces
To identify ports and network interfaces your Samba Active Directory (AD) Domain Controller (DC) is listening on, run:
```
# netstat -tulpn | egrep "samba|smbd|nmbd|winbind"
tcp        0      0 127.0.0.1:139       0.0.0.0:*       LISTEN      43270/smbd
tcp        0      0 10.99.0.1:139       0.0.0.0:*       LISTEN      43270/smbd
tcp        0      0 10.99.0.1:88        0.0.0.0:*       LISTEN      43273/samba
tcp        0      0 127.0.0.1:88        0.0.0.0:*       LISTEN      43273/samba
tcp        0      0 127.0.0.1:445       0.0.0.0:*       LISTEN      43270/smbd
tcp        0      0 10.99.0.1:445       0.0.0.0:*       LISTEN      43270/smbd
...
```
The output displays that the services are listening on localhost (`127.0.0.1`) and the network interface with the IP address `10.99.0.1`. On both interfaces, the ports `139/tcp`, `88/tcp`, and `445/tcp` are opened. For further information on the output, see the `netstat(8)` manual page.
To bind Samba to specific interfaces, see Configure Samba to Bind to Specific Interfaces.
Samba AD DC Port Usage
Service | Port | Protocol |
---|---|---|
DNS * | 53 | tcp/udp |
Kerberos | 88 | tcp/udp |
End Point Mapper (DCE/RPC Locator Service) | 135 | tcp |
NetBIOS Name Service | 137 | udp |
NetBIOS Datagram | 138 | udp |
NetBIOS Session | 139 | tcp |
LDAP | 389 | tcp/udp |
SMB over TCP | 445 | tcp |
Kerberos kpasswd | 464 | tcp/udp |
LDAPS ** | 636 | tcp |
Dynamic RPC Ports *** | 1024-5000 | tcp |
Global Catalog | 3268 | tcp |
Global Catalog SSL ** | 3269 | tcp |
* On Samba AD DCs running the Samba internal DNS server.
** If `tls enabled = yes` (default) is set in your `smb.conf` file.
*** Dynamically opened for remote procedure call (RPC) services starting with 1024. If a port is already in use, the next higher is used. Using Samba 4.6 or later, you can optionally set individual ports for all RPC servers. For further details, see the `rpc server port` parameter description in the `smb.conf(5)` man page.
Note that other Active Directory (AD) related services that are not provided by Samba, such as `ntpd`, can open ports on a Domain Controller (DC) as well.
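An added example, not part of the Samba wiki page: a shell function that takes `netstat -tulpn` output and marks each Samba listener as listed in the table above, inside the dynamic RPC range, or unexpected. The function names, the `EXPECTED`, `RPC_LOW` and `RPC_HIGH` variables, and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify Samba listeners against the port table on this page.

# Port/protocol pairs from the "Samba AD DC Port Usage" table.
EXPECTED="53/tcp 53/udp 88/tcp 88/udp 135/tcp 137/udp 138/udp 139/tcp"
EXPECTED="$EXPECTED 389/tcp 389/udp 445/tcp 464/tcp 464/udp 636/tcp 3268/tcp 3269/tcp"
# Dynamic RPC range from the table; change it if you set "rpc server port".
RPC_LOW=1024
RPC_HIGH=5000

# Reads `netstat -tulpn` lines on stdin and prints, per Samba listener:
#   <status> <port>/<proto> <local address> <process>
# status: table (listed above), rpc (dynamic range), UNEXPECTED (neither).
classify_listeners() {
    awk -v expected="$EXPECTED" -v lo="$RPC_LOW" -v hi="$RPC_HIGH" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
    # Same process filter as the egrep on this page; UDP rows have no State
    # column, so the PID/program field is located by pattern, not by position.
    $1 ~ /^(tcp|udp)/ && match($0, /[0-9]+\/(samba|smbd|nmbd|winbindd?)/) {
        prog = substr($0, RSTART, RLENGTH); sub(/^[0-9]+\//, "", prog)
        proto = substr($1, 1, 3)             # tcp6/udp6 count as tcp/udp
        port = $4; sub(/.*:/, "", port)      # text after the last colon
        ip = $4; sub(/:[0-9]+$/, "", ip)     # local address without the port
        key = port "/" proto
        if (key in ok) status = "table"
        else if (proto == "tcp" && port + 0 >= lo && port + 0 <= hi) status = "rpc"
        else status = "UNEXPECTED"
        print status, key, ip, prog
    }'
}

# Constructed sample input (not captured from a real DC).
sample_netstat() {
    cat <<'EOF'
tcp        0      0 10.99.0.1:139       0.0.0.0:*       LISTEN      43270/smbd
tcp        0      0 10.99.0.1:88        0.0.0.0:*       LISTEN      43273/samba
tcp        0      0 10.99.0.1:1024      0.0.0.0:*       LISTEN      43268/samba
tcp        0      0 0.0.0.0:8080        0.0.0.0:*       LISTEN      43270/smbd
tcp6       0      0 :::445              :::*            LISTEN      43270/smbd
udp        0      0 10.99.0.1:137       0.0.0.0:*                   43271/nmbd
tcp        0      0 10.99.0.1:22        0.0.0.0:*       LISTEN      1201/sshd
EOF
}

sample_netstat | classify_listeners
```

On a live DC, pipe the real command into the function instead: `netstat -tulpn | classify_listeners`.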