Hi!
On 2018-03-14 at 18:26, Simo Sorce wrote:
> On Wed, 2018-03-14 at 18:01 +0100, Roger Mårtensson wrote:
> > Hello!
> >
> > Got tasked to look at firewall rules and am now wondering if there is a
> > document anywhere that describes the ports and protocols used by SSSD?
> >
> > My list currently consists of: 53 (udp/tcp), 88 (udp), 389 (tcp), 636
> > (tcp) and 3268 (tcp) and 3269 (tcp)
> >
> > If I search on "Windows Client" and ports I get tons of ports and
> > port-ranges I may need to open. But what does SSSD use?
>
> It really depends on what backend you are using.

Sorry about that. I'm using the AD backend with Kerberos (GSSAPI)
against an Active Directory. (2008R2 at the moment. Hope 2016+ have
added more ports)

> For AD you won't need 636 (tcp) but you will need 389 (udp) for site
> discovery and 445 (tcp) if you use GPOs.
> If you use a plain LDAP server then you won't need 3268/3269.
> For password changes if you use Kerberos (including AD) you will need
> 464 (tcp).

Everything is so much simpler when not using a firewall but then you
have to deal with the drawbacks.
Wish there was a popular API that services like this could use to
announce ports used or propose rules.

> If you use one of the pam passthrough modules you may need other
> things (like NIS ports etc... )
>
> Simo.
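
Added example, not part of the original thread: the port list above for the AD backend written as an nftables egress ruleset on the SSSD client. The table name, the log prefix and the domain controller addresses (documentation range 192.0.2.0/24) are constructed placeholders, and it assumes the DCs also serve DNS for the domain.

```nftables
#!/usr/sbin/nft -f
# Constructed example: egress rules on an SSSD client (AD backend, GSSAPI).
# AD_DCS holds placeholder addresses; replace with the real domain controllers.
define AD_DCS = { 192.0.2.10, 192.0.2.11 }

table inet sssd_client {
    chain output {
        # Policy stays "accept": only traffic towards the DCs is restricted here.
        type filter hook output priority 0; policy accept;

        # Replies on connections that are already tracked.
        ct state established,related accept

        # DNS, udp and tcp (assumes the DCs are the resolvers for the AD zone).
        ip daddr $AD_DCS udp dport 53 accept
        ip daddr $AD_DCS tcp dport 53 accept

        # Kerberos. The thread lists 88/udp; 88/tcp is added here because
        # Kerberos clients retry over TCP when a reply does not fit in UDP.
        ip daddr $AD_DCS udp dport 88 accept
        ip daddr $AD_DCS tcp dport 88 accept

        # LDAP (389/tcp) and site discovery (389/udp).
        ip daddr $AD_DCS tcp dport 389 accept
        ip daddr $AD_DCS udp dport 389 accept

        # Global catalog.
        ip daddr $AD_DCS tcp dport { 3268, 3269 } accept

        # Kerberos password changes.
        ip daddr $AD_DCS tcp dport 464 accept

        # Only needed when SSSD evaluates GPOs.
        ip daddr $AD_DCS tcp dport 445 accept

        # 636/tcp is left out on purpose: not needed for the AD backend.
        # Anything else towards a DC is logged before it is dropped, so a
        # port missing from this list shows up in the kernel log.
        ip daddr $AD_DCS log prefix "sssd-dc-unlisted: " drop
    }
}
```

The final log rule is what makes the list auditable: a lookup or login that fails after the rules are loaded leaves a "sssd-dc-unlisted" entry naming the destination port.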