On Wed, Jan 22, 2003 at 06:14:49AM -0500, Ken Cross wrote: > I'm pretty sure that Kerberos uses port 88, but that's just for > authentication. Port 445 is used for connecting to shares. > > We've been running tests blocking ports. With ports 137 - 139 and 445 > blocked for UDP and TCP, the join fails but the computer name is still > entered in the AD. With just ports 137 - 139 blocked (445 enabled), the > join succeeds and all client share operations seem to function correctly > as long as there is no NetBIOS name resolution involved. > > Hope this helps.
Thanks, Ken, but it's not really what I'm trying to figure out. The problem, though, is in my presentation of the question. More... On Wed, Jan 22, 2003 at 02:26:43PM +0000, Andrew Bartlett wrote: > On Wed, Jan 22, 2003 at 12:41:34AM -0600, Christopher R. Hertel wrote: > > So, unless I'm totally insane, the likelihood of Kerberos auth being > > used over port 139 is low. > > Samba 3.0 listening on 139 only. This can and does happen. Firewall > rules, or anything else that makes the 445 connect fail. I would not > attempt to draw this genralisation in a published work ;-) What I am trying to do is understand the relationship between the different authentication types and the different transports. It's not the ports, per. se., that I'm interested in (139 vs. 445), but the relationship between the different implementations and the different auth types. >From a Windows perspective, Kerberos Auth is tied in with Active Directory. I suspect, then, that only W2K and WXP.pro can cope with Kerberos auth. I would also suspect that other Windows systems can't. (I don't know about /Me or /XP.home). XP.pro and W2K are also the only Windows systems of which I'm aware that can do SMB over naked TCP transport on port 445. So, from a simple perspective, there is a relationship between SMB over naked TCP and Kerberos Auth. That relationship is that the Windows systems that can handle the former can handle the latter. Anyway, I'm just trying to gain a better sense of that relationship and its limits. This helps. Thanks! Chris -)----- -- Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)----- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/ -)----- [EMAIL PROTECTED]
