Network and Storage Protocols

Ports needed in the firewall for a vfiler cifs setup to join an Active Directory domain

c_morrall
10,433 Views

     I have configured a vfiler on a VLAN, and intend to join this with Active Directory. The "cifs setup" wizard runs through and I seem to be in contact with the AD. The AD people can log in and access the machine account, select the site etc, so I'm fairly sure I have connectivity to the domain controllers.

However, at the end of the wizard I get:

Tue Mar 22 15:18:00 CET [vfiler1@filer01 cifs.trace.GSS:error]: AUTH: Could not set filer password in domain: (0x3c) Connection timed out.
Tue Mar 22 15:18:00 CET [vfiler1@filer01: cifs.kerberos.keytab:error]: CIFS: Keytable information for Kerberos: Error during backup restoration, could not find backup keytable.
Tue Mar 22 15:18:00 CET [vfiler1@filer01: cifs.trace.GSS:error]: AUTH: Could not restore old keytab after failed password change.
Sniffing the network, the firewall admin detected that access was tried for port 464, and he opened the port. However, it still fails and if someone has the definite guide on what ports need to be opened for a vfiler cifs server to join an AD domain, I'd be grateful.
1 REPLY 1

c_morrall
10,433 Views

Answering myself here, but these ports seemed to do the trick.

Network Protocol                                                                                Default Port

Domain Name Service (DNS)                                                                                       53

Kerberos V Authentication                                                              88

Kerberos V Change & Set Password (SET_CHANGE)             464

Kerberos V Change & Set Password (RPCSEC_GSS)              749

LDAP                                                                                                         389

NetBIOS Datagram                                                                              138

NetBIOS Name Service                                                                      137

SMB-over-NetBIOS                                                                             139

SMB-over-TCP                                                                                      445

Public