Hello, I launched a Samba DC and when I want to join my Windows client to my Linux domain, Windows shows me "The Specified Network Name Is No Longer Available". I disabled Firewalld and the problem was solved. I opened the ports below, but the problem was not solved:
# firewall-cmd --list-all
FedoraServer (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s17 enp0s8
  sources:
  services: cockpit dhcp dhcpv6-client http https ssh
  ports: 53/tcp 53/udp 135/tcp 137-138/udp 139/tcp 389/tcp 389/udp 445/tcp 464/tcp 464/udp 636/tcp 1024-5000/tcp 3268-3269/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
Which other ports must be open on my Linux DC?
Thank you.
--On Sunday, May 02, 2021 5:01 PM +0000 Jason Long hack3rcon@yahoo.com wrote:
ports: 53/tcp 53/udp 135/tcp 137-138/udp 139/tcp 389/tcp 389/udp 445/tcp 464/tcp 464/udp 636/tcp 1024-5000/tcp 3268-3269/tcp
Instead of opening individual ports, add the samba-dc service to the zone. This will add all the ports listed in /usr/lib/firewalld/services/samba-dc.xml, and using a service name will document why you have all those ports open.
Try running nmap from your client against your Samba server to see what ports it thinks are open.
From the Samba server, you can run "lsof -i" to see what ports are in use by which programs.
It can sometimes help to temporarily disable SELinux to see if it's blocking something important. Remember to turn it back on after testing and determining the real problem.
Thanks. I have other questions:
1- How can I remove multiple ports?
2- When I want to remove some ports, then it shows me "Warning: NOT_ENABLED:" message!
# firewall-cmd --list-all
FedoraServer (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s17 enp0s8
  sources:
  services: cockpit dhcp dhcpv6-client high-availability http https ssh
  ports: 53/udp 135/tcp 137-138/udp 139/tcp 389/tcp 389/udp 445/tcp 464/tcp 464/udp 636/tcp 1024-5000/tcp 3268-3269/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
# firewall-cmd --remove-port=389/tcp --permanent
Warning: NOT_ENABLED: 389:tcp
success
On Thu, May 06, 2021 at 03:58:44PM -0000, Jason Long wrote:
Thanks. I have other questions:
1- How can I remove multiple ports?
v0.9.0 added support for breaking and coalescing of port ranges.
If you're using an earlier version then maybe you're hitting that issue. You have to use the exact port range shown in the config. Otherwise it won't work.
2- When I want to remove some ports, then it shows me "Warning: NOT_ENABLED:" message!
# firewall-cmd --list-all
FedoraServer (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s17 enp0s8
  sources:
  services: cockpit dhcp dhcpv6-client high-availability http https ssh
  ports: 53/udp 135/tcp 137-138/udp 139/tcp 389/tcp 389/udp 445/tcp 464/tcp 464/udp 636/tcp 1024-5000/tcp 3268-3269/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
# firewall-cmd --remove-port=389/tcp --permanent
Warning: NOT_ENABLED: 389:tcp
success
You show the _runtime_ config above, but this command manipulates the _permanent_ config. Maybe 389/tcp has not been added to the permanent config.
firewalld-users@lists.fedorahosted.org
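
An added example, not part of the thread or of firewalld itself: a dry-run shell sketch of the advice in the replies (add the samba-dc service, remove ports using the exact text the config shows, and use --permanent only for ports that are in the permanent config). The function names and the PERMANENT list are assumptions made for illustration, and the printed commands act on the default zone.

```shell
#!/bin/sh
# Dry run: prints firewall-cmd calls instead of executing them.

# select_ports in|out LIST REF: print the entries of LIST that are in (or out
# of) REF. Entries are compared as exact text, so 137-138/udp is matched only
# by 137-138/udp, the form firewalld releases before v0.9.0 require.
select_ports() (
    ref=" $(printf '%s ' $3)"
    for p in $2; do
        case "$ref" in *" $p "*) hit=in ;; *) hit=out ;; esac
        if [ "$hit" = "$1" ]; then printf '%s\n' "$p"; fi
    done
)

# build_remove_cmd SCOPE PORT...: print one firewall-cmd call removing every
# PORT. SCOPE is "" for the runtime config or "--permanent" for the permanent.
build_remove_cmd() (
    scope=$1; shift
    [ "$#" -gt 0 ] || exit 0
    cmd="firewall-cmd${scope:+ $scope}"
    for p in "$@"; do cmd="$cmd --remove-port=$p"; done
    printf '%s\n' "$cmd"
)

# plan_cleanup RUNTIME PERMANENT: switch to the samba-dc service, remove only
# the ports that really are permanent, then reload so runtime-only ports go.
plan_cleanup() (
    echo "firewall-cmd --permanent --add-service=samba-dc"
    build_remove_cmd --permanent $(select_ports in "$1" "$2")
    echo "firewall-cmd --reload"
)

# RUNTIME is the port list from the thread's --list-all output. PERMANENT is a
# constructed sample; on a real host take both from firewall-cmd:
#   RUNTIME=$(firewall-cmd --list-ports)
#   PERMANENT=$(firewall-cmd --permanent --list-ports)
RUNTIME="53/udp 135/tcp 137-138/udp 139/tcp 389/tcp 389/udp 445/tcp 464/tcp 464/udp 636/tcp 1024-5000/tcp 3268-3269/tcp"
PERMANENT="53/udp 137-138/udp 445/tcp 1024-5000/tcp"

echo "Runtime only (--permanent removal warns NOT_ENABLED):" \
    $(select_ports out "$RUNTIME" "$PERMANENT")
plan_cleanup "$RUNTIME" "$PERMANENT"
```

With this constructed PERMANENT list, 389/tcp lands in the runtime-only group, which is the situation the last reply suggests as the cause of the NOT_ENABLED warning.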