Re: [Samba] Samba 4.0.3 on CentOS 6.3 as PDC.

2013-04-29 Thread Mike Stroven
Hi Thomas, 
Thanks for the reply. Yes, I followed the S4 standard install from the wiki 
(and repeated it on a second VM just to make sure I didn't miss something.) 

I have the following in my smb.cfg services line: 

server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate

Anything obviously missing? 

Thanks again, 
-Mike 

 

On Tue, Feb 26, 2013 at 8:23 AM, Mike Stroven mike.stro...@visole-energy.com wrote:


Any help here? I have included all of the output of the suggested diags that 
Thomas said I should run, but I admit that I'm not sure what I'm looking for, 
as I'm not familiar with RPC functionality on Linux. Something is not working 
with RPC on my Samba 4.0.3 server. (FWIW, it doesn't work with IPTables stopped 
either.) 

 On Mon, Feb 25, 2013 at 2:21 PM, Mike Stroven wrote: 
 
  I finally have everything working that can be verified from the server 
  command line. Running Bind9.8 with DLZ support. 
  Verified Kerberos 5 running. Now attempting to join Windows XP machines to 
  the domain, and am getting an error: 
  The RPC server is unavailable. Any pointers? 
  

On Mon, Feb 25, 2013 at 6:55 PM, Thomas Simmons wrote: 
 You're likely to get more support on the user's list ( samba@lists.samba.org 
 ). 
 
 If you're certain everything is working on the server and the client 
 network config is correct (you have the DC's IP as the primary DNS server), 
 then my first guess would be iptables or selinux. If you need further 
 assistance, output from the following commands would be useful: 
 


 # test samba 

[root@grumpy ~]# /usr/local/samba/bin/smbclient //grumpy/netlogon -UAdministrator%'**' -c ls
Domain=[TROY] OS=[Unix] Server=[Samba 4.0.3] 
. D 0 Mon Feb 25 09:53:33 2013 
.. D 0 Fri Feb 22 17:09:24 2013 

40757 blocks of size 131072. 20332 blocks available 


 # test kerberos 

[root@grumpy ~]# kinit administra...@visole-energy.com 
Password for administra...@visole-energy.com : 
Warning: Your password will expire in 41 days on Mon Apr 8 18:14:03 2013 


 # check iptables 

[root@grumpy ~]# iptables -nL 
Chain INPUT (policy ACCEPT) 
target prot opt source destination 
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 /* SSH */ 
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53 /* DNS */ 
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53 /* DNS UDP */ 
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 /* HTTP */ 
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:88 /* Kerberos */ 
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:123 /* NTP */ 
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:135 /* RPC UDP */ 
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:135 /* RPC TCP */ 
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:138 /* NetBIOS Netlogon and Browsing */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:139 /* NetBIOS Session */
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:389 /* LDAP UDP */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443 /* HTTPS */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:445 /* SMB CIFS */
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:445 /* SMB CIFS UDP */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:464 /* Kerberos Password Management */
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:464 /* Kerberos Password Management UDP */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:636 /* LDAP SSL */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3268 /* LDAP Global Catalog */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3269 /* LDAP Global Catalog SSL */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:1 /* Webmin */ 
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT) 
target prot opt source destination 
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT) 
target prot opt source destination 


 # check selinux 

root@grumpy ~]# sestatus 
SELinux status: disabled 


 # netstat output 

[root@grumpy ~]# netstat -anp 
Active Internet connections (servers and established) 
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name 
tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN 1114/samba 
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 1114/samba 
tcp 0 0 0.0.0.0:39689 0.0.0.0:* LISTEN 922/rpc.statd 
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN /smbd 
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 904/rpcbind 
tcp 0 0 0.0.0.0:1 0.0.0.0:* LISTEN 1150/perl 
tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 1116/samba 
tcp 0 0 192.168.60.200:53 0.0.0.0:* LISTEN 882/named 
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 882/named 
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1091/sshd 
tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 1116/samba 
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 882/named 
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 
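
Added example, not part of any message in this thread: one way to read the `iptables -nL` and `netstat -anp` output above together, listing TCP listeners that no explicit INPUT rule admits and counting catch-all ACCEPT rules that `-nL` cannot disambiguate. The function names are hypothetical, and the embedded sample data is a constructed excerpt modeled on the output posted in the thread.

```shell
#!/bin/sh
# Added example: compare `iptables -nL` INPUT rules with `netstat -anp` listeners.
# RULES and NETSTAT are constructed excerpts modeled on the thread's output;
# the function names are hypothetical.
RULES='Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 /* SSH */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:88 /* Kerberos */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:135 /* RPC TCP */
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:389 /* LDAP UDP */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3269 /* LDAP Global Catalog SSL */
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited'
NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN 1114/samba
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 1114/samba
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 904/rpcbind
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 882/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1091/sshd
tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 1116/samba'

# proto/port of every INPUT-chain ACCEPT rule that names a destination port.
allowed_ports() {
  printf '%s\n' "$1" | awk '
    /^Chain / { chain = $2; next }
    chain == "INPUT" && $1 == "ACCEPT" && ($2 == "tcp" || $2 == "udp") {
      for (i = 6; i <= NF; i++)
        if ($i ~ /^dpt:[0-9]+$/) print $2 "/" substr($i, 5)
    }'
}

# Count "ACCEPT all" rules with no match text. Plain -nL omits the interface
# columns, so such a rule may be `-i lo` or accept-everything; -nvL shows which.
ambiguous_accepts() {
  printf '%s\n' "$1" | awk '
    /^Chain / { chain = $2; next }
    chain == "INPUT" && $1 == "ACCEPT" && $2 == "all" && NF == 5 { n++ }
    END { print n + 0 }'
}

# proto/port of TCP listeners reachable from the network (not loopback-only).
listeners() {
  printf '%s\n' "$1" | awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      n = split($4, a, ":"); port = a[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (addr != "127.0.0.1" && addr != "::1") print "tcp/" port
    }' | sort -u
}

# Listeners that no explicit INPUT ACCEPT rule admits.
uncovered_listeners() {
  allowed=" $(allowed_ports "$1" | tr '\n' ' ')"
  for l in $(listeners "$2"); do
    case "$allowed" in
      *" $l "*) ;;
      *) echo "$l" ;;
    esac
  done
}

echo "catch-all ACCEPT rules to re-check with -nvL: $(ambiguous_accepts "$RULES")"
echo "listeners without an explicit ACCEPT rule:"; uncovered_listeners "$RULES" "$NETSTAT"
```

On a live host, pass `"$(iptables -nL)"` and `"$(netstat -anp)"` in place of the sample variables. A listener reported here is a rule to review, not a diagnosis; the UDP-only rule for port 389 next to a TCP listener on 389 is the kind of mismatch it surfaces.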

Re: [Samba] Samba 4.0.3 on CentOS 6.3 as PDC.

2013-04-29 Thread Mike Stroven

Hi Daniel, 
Thanks for the reply. I have disabled portreserve service, and unfortunately 
did not see a change in behavior. 



Mike Stroven, IT Manager 
ViSole Energy, Inc. 
5750 New King St., Suite 330 
Troy, MI 48098 
Office: 248 852-1300 x2115 
Skype: mstroven 

 

- Original Message -

From: Daniel Müller muel...@tropenklinik.de 
To: Thomas Simmons twsn...@gmail.com, Mike Stroven 
mike.stro...@visole-energy.com 
Cc: samba@lists.samba.org 
Sent: Monday, March 18, 2013 3:52:02 AM 
Subject: AW: [Samba] Samba 4.0.3 on CentOS 6.3 as PDC. 

I had an issue with portreserve running. After shutdown the service samba4 
on Centos 6.3 did run. 

--- 
IT Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus 
Paul-Lechler-Str. 24 
72076 Tübingen 

Tel.: 07071/206-463, Fax: 07071/206-499 
eMail: muel...@tropenklinik.de 
Internet: www.tropenklinik.de 
--- 

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Thomas Simmons
Sent: Saturday, March 16, 2013 18:26
To: Mike Stroven
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba 4.0.3 on CentOS 6.3 as PDC.

On Tue, Feb 26, 2013 at 8:23 AM, Mike Stroven  
mike.stro...@visole-energy.com wrote: 

 Any help here? I have included all of the output of the suggested 
 diags that Thomas said I should run, but I admit that I'm not sure 
 what I'm looking for, as I'm not familiar with RPC functionality on Linux. 
 Something is not working with RPC on my Samba 4.0.3 server. (FWIW, 
 it doesn't work with IPTables stopped either.) 
 
  On Mon, Feb 25, 2013 at 2:21 PM, Mike Stroven wrote: 
  
   I finally have everything working that can be verified from the 
   server 
 command line. Running Bind9.8 with DLZ support. 
   Verified Kerberos 5 running. Now attempting to join Windows XP 
 machines to the domain, and am getting an error: 
   The RPC server is unavailable. Any pointers? 
   
 
 On Mon, Feb 25, 2013 at 6:55 PM, Thomas Simmons wrote: 
  You're likely to get more support on the user's list ( 
 samba@lists.samba.org). 
  
  If you're certain everything is working on the server and the client 
  network config is correct (you have the DC's IP as the primary DNS 
 server), 
  then my first guess would be iptables or selinux. If you need 
  further assistance, output from the following commands would be useful: 
  
 
 

Re: [Samba] Samba 4.0.3 on CentOS 6.3 as PDC.

2013-03-18 Thread Daniel Müller
I had  an issue with portreserve running. After shutdown the service samba4
on Centos 6.3 did run.

---
IT Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Thomas Simmons
Sent: Saturday, March 16, 2013 18:26
To: Mike Stroven
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba 4.0.3 on CentOS 6.3 as PDC.

On Tue, Feb 26, 2013 at 8:23 AM, Mike Stroven 
mike.stro...@visole-energy.com wrote:

 Any help here?  I have included all of the output of the suggested 
 diags that Thomas said I should run, but I admit that I'm not sure 
 what I'm looking for, as I'm not familiar with RPC functionality on Linux.
  Something is not working with RPC on my Samba 4.0.3 server.  (FWIW, 
 it doesn't work with IPTables stopped either.)

  On Mon, Feb 25, 2013 at 2:21 PM, Mike Stroven wrote:
 
   I finally have everything working that can be verified from the 
   server
 command line. Running Bind9.8 with DLZ support.
   Verified Kerberos 5 running. Now attempting to join Windows XP
 machines to the domain, and am getting an error:
   The RPC server is unavailable. Any pointers?
  

 On Mon, Feb 25, 2013 at 6:55 PM, Thomas Simmons wrote:
  You're likely to get more support on the user's list (
 samba@lists.samba.org).
 
  If you're certain everything is working on the server and the client 
  network config is correct (you have the DC's IP as the primary DNS
 server),
  then my first guess would be iptables or selinux. If you need 
  further assistance, output from the following commands would be useful:
 



[Samba] Samba 4.0.3 on CentOS 6.3 as PDC.

2013-03-16 Thread Mike Stroven
Any help here?  I have included all of the output of the suggested diags that 
Thomas said I should run, but I admit that I'm not sure what I'm looking for, 
as I'm not familiar with RPC functionality on Linux.  Something is not working 
with RPC on my Samba 4.0.3 server.  (FWIW, it doesn't work with IPTables 
stopped either.)

 On Mon, Feb 25, 2013 at 2:21 PM, Mike Stroven wrote:
 
  I finally have everything working that can be verified from the server 
  command line. Running Bind9.8 with DLZ support.
  Verified Kerberos 5 running. Now attempting to join Windows XP machines to 
  the domain, and am getting an error: 
  The RPC server is unavailable. Any pointers? 
  

On Mon, Feb 25, 2013 at 6:55 PM, Thomas Simmons wrote:
 You're likely to get more support on the user's list (samba@lists.samba.org).
 
 If you're certain everything is working on the server and the client
 network config is correct (you have the DC's IP as the primary DNS server),
 then my first guess would be iptables or selinux. If you need further
 assistance, output from the following commands would be useful:
 


 # test samba

[root@grumpy ~]# /usr/local/samba/bin/smbclient //grumpy/netlogon -UAdministrator%'**' -c ls
Domain=[TROY] OS=[Unix] Server=[Samba 4.0.3]
  . D 0 Mon Feb 25 09:53:33 2013
  .. D 0 Fri Feb 22 17:09:24 2013

40757 blocks of size 131072. 20332 blocks available


 # test kerberos

[root@grumpy ~]# kinit administra...@visole-energy.com
Password for administra...@visole-energy.com: 
Warning: Your password will expire in 41 days on Mon Apr  8 18:14:03 2013


 # check iptables

[root@grumpy ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 /* SSH */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53 /* DNS */
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53 /* DNS UDP */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 /* HTTP */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:88 /* Kerberos */
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:123 /* NTP */
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:135 /* RPC UDP */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:135 /* RPC TCP */
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:138 /* NetBIOS Netlogon and Browsing */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:139 /* NetBIOS Session */
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:389 /* LDAP UDP */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443 /* HTTPS */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:445 /* SMB CIFS */
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:445 /* SMB CIFS UDP */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:464 /* Kerberos Password Management */
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:464 /* Kerberos Password Management UDP */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:636 /* LDAP SSL */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3268 /* LDAP Global Catalog */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3269 /* LDAP Global Catalog SSL */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:1 /* Webmin */
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


 # check selinux

root@grumpy ~]# sestatus
SELinux status: disabled


 # netstat output

[root@grumpy ~]# netstat -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN 1114/samba
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 1114/samba

Re: [Samba] Samba 4.0.3 on CentOS 6.3 as PDC.

2013-03-16 Thread Thomas Simmons
On Tue, Feb 26, 2013 at 8:23 AM, Mike Stroven 
mike.stro...@visole-energy.com wrote:

 Any help here?  I have included all of the output of the suggested diags
 that Thomas said I should run, but I admit that I'm not sure what I'm
 looking for, as I'm not familiar with RPC functionality on Linux.
  Something is not working with RPC on my Samba 4.0.3 server.  (FWIW, it
 doesn't work with IPTables stopped either.)

  On Mon, Feb 25, 2013 at 2:21 PM, Mike Stroven wrote:
 
   I finally have everything working that can be verified from the server
 command line. Running Bind9.8 with DLZ support.
   Verified Kerberos 5 running. Now attempting to join Windows XP
 machines to the domain, and am getting an error:
   The RPC server is unavailable. Any pointers?
  

 On Mon, Feb 25, 2013 at 6:55 PM, Thomas Simmons wrote:
  You're likely to get more support on the user's list (
 samba@lists.samba.org).
 
  If you're certain everything is working on the server and the client
  network config is correct (you have the DC's IP as the primary DNS
 server),
  then my first guess would be iptables or selinux. If you need further
  assistance, output from the following commands would be useful:
 

