Which TCP/UDP ports are used for Active Directory authentication when using SSSD?

Solution Verified - Updated

Environment

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8

Issue

  • Which TCP/UDP ports are used for Active Directory authentication when using SSSD?
  • Which TCP/UDP ports need to be opened on the firewall for Active Directory authentication when using SSSD?

Resolution

  • When SSSD is used to configure a RHEL system as an Active Directory client, the following network ports are used:
Source port - Destination port - Protocol    - Service
1024:65535  - 53               - TCP and UDP - DNS
1024:65535  - 389              - TCP and UDP - LDAP
1024:65535  - 636              - TCP         - LDAPS
1024:65535  - 88               - TCP and UDP - Kerberos
1024:65535  - 464              - TCP and UDP - Kerberos change/set password (kadmin)
1024:65535  - 3268             - TCP         - LDAP Global Catalog (if "id_provider = ad" is being used)
1024:65535  - 3269             - TCP         - LDAP Global Catalog SSL
1024:65535  - 123              - UDP         - NTP (optional)
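
To confirm from the RHEL client that a firewall actually passes these ports, the following script probes each TCP port in the table against one domain controller. It is an added example, not part of the original solution; the function names and the hostname in the usage comment are placeholders. It assumes bash and the coreutils timeout command are installed (RHEL 6 and later).

```shell
#!/bin/sh
# Added example: probe the TCP ports from the table above against one DC.
# Usage: sh ad_port_check.sh dc01.example.com   (hostname is a placeholder)

# Port table from the Resolution section: port, protocols, service.
AD_PORTS='53 tcp,udp DNS
389 tcp,udp LDAP
636 tcp LDAPS
88 tcp,udp Kerberos
464 tcp,udp kpasswd
3268 tcp Global-Catalog
3269 tcp Global-Catalog-SSL
123 udp NTP'

# Print the ports that use the given protocol (tcp or udp), one per line.
ad_ports() {
    printf '%s\n' "$AD_PORTS" | while read -r port protos _svc; do
        case ",$protos," in *",$1,"*) echo "$port" ;; esac
    done
}

# Return 0 if a TCP connection to host:port completes within 3 seconds.
# Uses bash's /dev/tcp so no extra packages are needed on the client.
tcp_open() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Probe every TCP port in the table; return the number of unreachable ports.
check_dc() {
    failed=0
    for port in $(ad_ports tcp); do
        if tcp_open "$1" "$port"; then
            echo "open     tcp/$port"
        else
            echo "BLOCKED  tcp/$port"
            failed=$((failed + 1))
        fi
    done
    # UDP is connectionless: a probe cannot tell "filtered" from "no reply".
    echo "UDP ports not probed, verify in the firewall rules: $(ad_ports udp | tr '\n' ' ')"
    return "$failed"
}

# Run only when a DC hostname or address is passed on the command line.
if [ -n "${1:-}" ]; then check_dc "$1"; fi
```

A BLOCKED result for 3268 or 3269 matters only when "id_provider = ad" is in use, and a timeout (rather than an immediate refusal) usually indicates a firewall silently dropping the traffic.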
