LinuxQuestions.org


MeeLee 03-25-2013 10:19 AM

Iptables for kerberos
 
Hello,

Does anyone know what port would need to be open on iptables to allow the getent group command to return users from Active Directory?

Currently with iptables off I can execute both getent group and wbinfo -g and a list of both local and AD users is successfully returned.

With the firewall on, getent group only returns the list of local users and wbinfo -g still returns AD users.

Also, what Kerberos ports should be open in general to allow tickets to be successfully renewed?

Ports currently open are tcp/udp:

88
749
754
4444

Any help would be much appreciated.

L

vishesh 03-25-2013 12:25 PM

I guess you should also try opening ports tcp:389 and udp:53.

Thanks

MeeLee 03-27-2013 11:01 AM

Quote:

Originally Posted by vishesh (Post 4918536)
I guess you should also try opening ports tcp:389 and udp:53.

Thanks

Many thanks for this. It still doesn't work but that's not to say you haven't solved it, as it doesn't work anymore without iptables on...

...I think I need to re-join the domain, then getent group with the new rules and a new ticket in place.
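
Added example, not part of any post in this thread: a small Python check that reads iptables-save output and lists which of the ports named above (the poster's 88, 749, 754 and 4444 on tcp/udp, plus the suggested tcp:389 and udp:53) have no port-based ACCEPT rule in a given chain. The sample ruleset is constructed, the function names are hypothetical, and the check assumes plain `--dport`/`--dports` matches; it does not model rule order, negation, state matching or chain policy.

```python
import shlex

# Ports named in the thread: the poster's open list plus the suggested tcp:389 and udp:53.
THREAD_PORTS = [(p, n) for n in (88, 749, 754, 4444) for p in ("tcp", "udp")]
THREAD_PORTS += [("tcp", 389), ("udp", 53)]

# Constructed sample in iptables-save format (not taken from the poster's system).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 88,749,754,4444 -j ACCEPT
-A INPUT -p udp -m udp --dport 88 -j ACCEPT
-A INPUT -p udp -m udp --dport 749:754 -j ACCEPT
COMMIT
"""

def accepted_ports(rules_text, chain="INPUT"):
    """Return [(proto, low, high)] for ACCEPT rules in `chain` that match on destination port."""
    found = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", chain] or "-j" not in tok or "-p" not in tok:
            continue
        if tok[tok.index("-j") + 1] != "ACCEPT":
            continue
        proto = tok[tok.index("-p") + 1]
        for flag in ("--dport", "--dports"):
            if flag in tok:
                # multiport lists are comma separated; a range is written low:high
                for spec in tok[tok.index(flag) + 1].split(","):
                    low, _, high = spec.partition(":")
                    found.append((proto, int(low), int(high or low)))
    return found

def missing_ports(rules_text, wanted=THREAD_PORTS, chain="INPUT"):
    """List the (proto, port) pairs in `wanted` that no port-based ACCEPT rule in `chain` covers."""
    ranges = accepted_ports(rules_text, chain)
    return [(proto, port) for proto, port in wanted
            if not any(p == proto and lo <= port <= hi for p, lo, hi in ranges)]

if __name__ == "__main__":
    for proto, port in missing_ports(SAMPLE_RULES):
        print(f"no ACCEPT rule for {proto}/{port}")
```

Feed it the real output of iptables-save in place of SAMPLE_RULES, and pass chain="OUTPUT" when the traffic of interest is outbound from the host.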


All times are GMT -5.