Posted by Jay on June 8, 2007, 9:15 am
Thanks, Svyatoslav
I am aware of the tcp/udp, I was just trying to be brief :)
Just wondering - can this be done in a simpler way? Is IPsec a better
option?
> What is missing:
>
> * RPC endpoint mapper (135/TCP) + a fixable
> (http://support.microsoft.com/kb/224196/) port for login services
> * LDAP to GC (3268/TCP)
> * ICMP ping
>
> Note that Kerberos is UDP by default and LDAP is using both TCP and UDP
> (UDP = LDAP ping); DNS also may use TCP. Protocols are important. SSL may
> change port requirements, too. See http://support.microsoft.com/kb/832017/
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>
>> straightforward question - I have a range of PCs that are separated from
>> their domain controller by a PIX. I need to know what ports are required
>> for me to join these clients to the domain.
>>
>> the doc 'Active Directory in Networks Segmented by Firewalls' leads me to
>> believe I need:
>>
>> 445 (DS)
>> 88 (Kerberos)
>> 389 (LDAP)
>> 53 (DNS)
>>
>> assume both TCP and UDP for the above. The problem is I am getting an
>> RPC error and I see 135 being dropped by my PIX. What are the ports
>> needed to join a computer to a domain?
>>
>> Is there a 'right' way to do this?
>>
>> Thanks
>> Blake
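Added example, not part of the thread or of either poster's reply: a small Python probe for the TCP ports listed above (Blake's original four plus Svyatoslav's additions of 135 and 3268, and the fixed RPC port from KB224196). The DC name `dc01.example.local` and the fixed RPC port value 49152 are assumptions; `simulated_pix` is a constructed stand-in for the firewall so the script runs offline and reproduces the symptom in the thread (135 dropped). It is TCP only: Kerberos (UDP by default), the LDAP ping and UDP DNS cannot be verified with a plain connect, so a clean TCP result does not prove the UDP rules are right.

```python
"""Probe the TCP ports a domain join must cross a firewall on.

Added example for the thread above; TCP only. Port 49152 is an assumed value
for the fixed RPC port configured per KB224196, not something the thread states.
"""
import socket
from typing import Callable, Dict, List, Set

# TCP ports named in the thread: Blake's four plus Svyatoslav's two additions.
REQUIRED_TCP: Dict[int, str] = {
    53: "DNS",
    88: "Kerberos",
    135: "RPC endpoint mapper",
    389: "LDAP",
    445: "SMB / directory services",
    3268: "LDAP to Global Catalog",
}


def required_ports(fixed_rpc_port: int) -> Dict[int, str]:
    """The static list plus the fixed RPC port (KB224196) the mapper hands out."""
    ports = dict(REQUIRED_TCP)
    ports[fixed_rpc_port] = "RPC on fixed port (KB224196)"
    return ports


def tcp_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """Real probe: True if a TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_dc(host: str, fixed_rpc_port: int,
             probe: Callable[[str, int], bool] = tcp_open) -> Dict[int, bool]:
    """Probe every required port; returns port -> reachable."""
    return {port: probe(host, port) for port in required_ports(fixed_rpc_port)}


def blocked_ports(results: Dict[int, bool]) -> List[int]:
    """Ports on which neither the firewall nor the DC answered, ascending."""
    return sorted(port for port, reachable in results.items() if not reachable)


def simulated_pix(dropped: Set[int]) -> Callable[[str, int], bool]:
    """Constructed stand-in for a PIX that drops the given TCP ports (offline runs)."""
    return lambda host, port: port not in dropped


if __name__ == "__main__":
    # Constructed scenario matching the thread: 53/88/389/445 pass, but 135 and the
    # fixed RPC port are dropped, which is exactly what surfaces as an RPC error on join.
    fixed_rpc = 49152  # assumed value chosen per KB224196
    results = check_dc("dc01.example.local", fixed_rpc,
                       probe=simulated_pix({135, fixed_rpc}))
    names = required_ports(fixed_rpc)
    for port in blocked_ports(results):
        print(f"blocked: {port}/tcp ({names[port]})")
    # Against a live DC, drop the probe= argument to use real TCP connects:
    # results = check_dc("dc01.example.local", fixed_rpc)
```

Run it from a client in the segmented range; anything reported as blocked is a PIX rule to add (or a port the DC is not listening on). Opening 135 alone is not enough: without the KB224196 fixed port, the endpoint mapper will hand the client a dynamic port the firewall has never heard of.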