topic Ports needed in the firewall for a vfiler cifs setup to join an Active Directory domain in Network and Storage Protocols

Ports needed in the firewall for a vfiler cifs setup to join an Active Directory domain

c_morrall — Thu, 05 Jun 2025 06:57:52 GMT

I have configured a vfiler on a VLAN, and intend to join this with Active Directory. The "cifs setup" wizard runs through and I seem to be in contact with the AD. The AD people can log in and access the machine account, select the site etc, so I'm fairly sure I have connectivity to the domain controllers.

However, at the end of the wizard I get:

Tue Mar 22 15:18:00 CET [vfiler1@filer01 cifs.trace.GSS:error]: AUTH: Could not set filer password in domain: (0x3c) Connection timed out.

Tue Mar 22 15:18:00 CET [vfiler1@filer01: cifs.kerberos.keytab:error]: CIFS: Keytable information for Kerberos: Error during backup restoration, could not find backup keytable.

Tue Mar 22 15:18:00 CET [vfiler1@filer01: cifs.trace.GSS:error]: AUTH: Could not restore old keytab after failed password change.

Sniffing the network, the firewall admin detected that access was tried for port 464, and he opened the port. However, it still fails and if someone has the definite guide on what ports need to be opened for a vfiler cifs server to join an AD domain, I'd be grateful.

Re: Ports needed in the firewall for a vfiler cifs setup to join an Active Directory domain

c_morrall — Tue, 29 Mar 2011 07:45:39 GMT

Answering myself here, but these ports seemed to do the trick.

Network Protocol Default Port

Domain Name Service (DNS) 53

Kerberos V Authentication 88

Kerberos V Change & Set Password (SET_CHANGE) 464

Kerberos V Change & Set Password (RPCSEC_GSS) 749

LDAP 389

NetBIOS Datagram 138

NetBIOS Name Service 137

SMB-over-NetBIOS 139

SMB-over-TCP 445