Samba AD DC Port Usage

From SambaWiki
Revision as of 17:10, 25 August 2015 by Mmuehlfeld (talk | contribs) (Split old Samba port usage into single page for each purpose)

Introduction

If you need to secure your Samba installation with a firewall, you need to know which ports and protocols it uses. This page gives an overview.



Identify on which ports and interfaces Samba is listening

You can use "netstat" to identify which ports and IP addresses Samba and related daemons are listening on:

# netstat -tulpn | egrep "samba|smbd|nmbd|winbind"

The following is a snippet of an example output:

tcp        0      0 127.0.0.1:139               0.0.0.0:*                   LISTEN      43270/smbd          
tcp        0      0 10.0.0.1:139                0.0.0.0:*                   LISTEN      43270/smbd          
tcp        0      0 10.0.0.1:88                 0.0.0.0:*                   LISTEN      43273/samba         
tcp        0      0 127.0.0.1:88                0.0.0.0:*                   LISTEN      43273/samba         
tcp        0      0 127.0.0.1:445               0.0.0.0:*                   LISTEN      43270/smbd          
tcp        0      0 10.0.0.1:445                0.0.0.0:*                   LISTEN      43270/smbd          
.....

The above example shows that the services are listening on localhost (127.0.0.1) and on the interface with IP 10.0.0.1, each on the listed ports (139, 88, 445, ...).



Port usage when Samba runs as an Active Directory Domain Controller

Service                                             Port        Protocol
DNS                                                 53          tcp/udp
Kerberos                                            88          tcp/udp
End Point Mapper (DCE/RPC Locator Service)          135         tcp
NetBIOS Name Service                                137         udp
NetBIOS Datagram                                    138         udp
NetBIOS Session                                     139         tcp
LDAP                                                389         tcp/udp
SMB over TCP                                        445         tcp
Kerberos kpasswd                                    464         tcp/udp
LDAPS (only if "tls enabled = yes")                 636         tcp
Dynamic RPC Ports*                                  1024-5000   tcp
Global Catalog                                      3268        tcp
Global Catalog SSL (only if "tls enabled = yes")    3269        tcp
Multicast DNS                                       5353        tcp/udp

* Samba, like Windows, supports dynamic RPC services. The range starts at 1024. If that port is already occupied for some reason, a different port is used (literally walked up from 1024).

Remember that there can be other ports related to your Samba installation that are not provided by Samba itself, for example if you also run an NTP server for time synchronisation.
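
The following is an added example, not part of the original wiki page or of Samba itself. It combines the two sections above: it reads "netstat -tulpn" output and marks each Samba-related listener as listed in the table (OK), inside the dynamic RPC range (DYNRPC), or not covered by the table (UNEXPECTED). The function names audit_listeners and sample_netstat are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Ports taken from the AD DC table above, split by protocol.
ALLOWED_TCP="53 88 135 139 389 445 464 636 3268 3269 5353"
ALLOWED_UDP="53 88 137 138 389 464 5353"

# Reads `netstat -tulpn` lines on stdin and prints, per Samba-related
# listener: STATUS PROTO ADDRESS PORT PID/PROGRAM
audit_listeners() {
    awk -v tcp="$ALLOWED_TCP" -v udp="$ALLOWED_UDP" '
    BEGIN {
        n = split(tcp, t, " "); for (i = 1; i <= n; i++) ok["tcp/" t[i]] = 1
        n = split(udp, u, " "); for (i = 1; i <= n; i++) ok["udp/" u[i]] = 1
    }
    /^(tcp|udp)/ && /samba|smbd|nmbd|winbind/ {
        proto = substr($1, 1, 3)                 # tcp6/udp6 -> tcp/udp
        addr = $4; sub(/:[0-9]+$/, "", addr)     # local address without port
        port = $4; sub(/^.*:/, "", port)         # local port only
        port += 0                                # force numeric comparison
        prog = ($6 == "LISTEN") ? $7 : $6        # udp lines have no state column
        status = "UNEXPECTED"
        if ((proto "/" port) in ok) status = "OK"
        else if (proto == "tcp" && port >= 1024 && port <= 5000) status = "DYNRPC"
        print status, proto, addr, port, prog
    }'
}

# Constructed sample input: lines in the format shown above, plus a
# listener that is not in the table (8445) and an unrelated daemon (sshd).
sample_netstat() {
cat <<'EOF'
tcp        0      0 10.0.0.1:139                0.0.0.0:*                   LISTEN      43270/smbd
tcp        0      0 10.0.0.1:88                 0.0.0.0:*                   LISTEN      43273/samba
udp        0      0 10.0.0.1:137                0.0.0.0:*                               43280/nmbd
tcp        0      0 10.0.0.1:1024               0.0.0.0:*                   LISTEN      43273/samba
tcp        0      0 10.0.0.1:8445               0.0.0.0:*                   LISTEN      43270/smbd
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1200/sshd
EOF
}

# On a real DC (as root): netstat -tulpn | audit_listeners
sample_netstat | audit_listeners
```

Lines marked UNEXPECTED are the ones to review before writing firewall rules, since the table does not account for them.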