Active Directory Authentication over Firewalls

Posted by Nir B on January 31, 2006, 1:42 am
Hi All,

What are the minimum ports that I need to open on my FW for AD
authentication?


Thanks,

Nir



Posted by S. Pidgorny on January 31, 2006, 5:03 am
Hi Nir,

Depends on your authentication mechanism. For example, one way to
authenticate is to use the user credentials in LDAP query - in that case,
you only need to open LDAP (or LDAPs) port from the authenticator to the
domain controller. Kerberos authentication requires Kerberos ports open.
Certificate authentication requires only access to CRLs, which might not
involve any open ports to the infrastructure.

If you are to place a full Windows client behind a firewall, then you'll need
to open a bunch of ports - actually, same ports as for the replication - see

http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx

As a bare minimum, you'll need Kerberos over UDP, UDP and TCP ports for
LDAP, TCP port for LDAP to GC, DNS ports, RPC portmapper and a single RPC
port from dynamic range, CIFS direct hosting (445/TCP), and ping (so that
the client can measure link speed and pull the policies).


--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-


> Hi All,
>
> What are the minimum ports that I need to open on my FW for AD
> authentication?
>
>
> Thanks,
>
> Nir
>
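
An added example, not part of the original posts: a Python check that compares a client-to-DC allow list against the minimum set listed in the reply above and flags missing flows and over-broad port ranges. Port numbers other than 445/TCP are the standard assignments and do not appear in the thread; the rule syntax, IP addresses and `FIXED_RPC_PORT` are constructed assumptions.

```python
# Added example: audit firewall allow rules against the minimum AD client set.
# Assumption: rules are text lines "action proto src dst ports" (constructed format).
FIXED_RPC_PORT = 50000  # placeholder: must match the port RPC is pinned to on the DC

REQUIRED = {  # (protocol, port) -> purpose, following the list in the reply
    ("udp", 88): "Kerberos",
    ("udp", 389): "LDAP", ("tcp", 389): "LDAP",
    ("tcp", 3268): "LDAP to GC",
    ("udp", 53): "DNS", ("tcp", 53): "DNS",
    ("tcp", 135): "RPC portmapper",
    ("tcp", FIXED_RPC_PORT): "single RPC port",
    ("tcp", 445): "CIFS direct hosting",
    ("icmp", None): "ping",
}

def parse_rule(line):
    """Return (proto, dst, lo, hi) for an allow rule, None for anything else."""
    action, proto, _src, dst, ports = line.split()
    if action != "allow":
        return None
    if proto == "icmp":
        return (proto, dst, None, None)
    lo, _, hi = ports.partition("-")
    return (proto, dst, int(lo), int(hi or lo))

def audit(rule_lines, dc_ip):
    """Return (missing required flows, over-broad rules with count of extra ports)."""
    rules = [r for r in map(parse_rule, rule_lines) if r and r[1] == dc_ip]
    missing = [(proto, port) for (proto, port) in REQUIRED
               if not any(p == proto and (port is None or lo <= port <= hi)
                          for p, _, lo, hi in rules)]
    excess = []
    for proto, _, lo, hi in rules:
        if proto == "icmp":
            continue
        needed = {port for (p, port) in REQUIRED if p == proto and lo <= port <= hi}
        extra = (hi - lo + 1) - len(needed)  # ports opened beyond the minimum
        if extra:
            excess.append((f"{proto}/{lo}-{hi}", extra))
    return missing, excess

SAMPLE_RULES = [  # constructed rule set: whole dynamic range open, ping forgotten
    "allow udp 10.0.5.0/24 10.0.1.10 88", "allow tcp 10.0.5.0/24 10.0.1.10 389",
    "allow udp 10.0.5.0/24 10.0.1.10 389", "allow udp 10.0.5.0/24 10.0.1.10 53",
    "allow tcp 10.0.5.0/24 10.0.1.10 53", "allow tcp 10.0.5.0/24 10.0.1.10 135",
    "allow tcp 10.0.5.0/24 10.0.1.10 1024-65535",
    "allow tcp 10.0.5.0/24 10.0.1.10 445",
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES, "10.0.1.10"))
```

On the sample rules the audit reports ping as missing and the 1024-65535 range as opening far more than the single RPC port the reply calls for.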


