Question:
What are the ports that need to be opened in a firewall for Centrify DirectControl and DirectAudit to operate successfully?
Answer:
Ports that must be open for a Unix or Linux computer to join the Active Directory domain and authenticate through a firewall are:
Port | Protocol | Service |
389 | TCP/UDP | LDAP |
3268 | TCP | LDAP GC |
88 | UDP/TCP | Kerberos Auth |
464 | UDP/TCP | Kerberos Change Password |
53 | TCP/UDP | DNS |
445 | TCP/UDP | SMB |
Other possible ports required:
123 | UDP | SNTP (Simple Network Time Protocol) |
22 | TCP/UDP | SSH/SSHD (including PuTTY, OpenSSH) |
Note on port 123: time syncs with the domain controller are essential in CDC mechanisms. However, this port can be closed provided the external servers can get accurate time updates.
For further info, please see the attached document.
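
As an added example (not part of the original article or of Centrify's tooling), the following Python script probes the TCP side of each port listed above from the Unix or Linux host toward a domain controller before a join is attempted. The host name given on the command line is an assumption of the example, and UDP-only entries are reported as unchecked because a connectionless probe cannot tell an open port from a silently dropped packet.

```python
"""Pre-join TCP reachability check for the ports listed on this page (added example)."""
import socket
import sys

# (port, transports, service) taken from the tables above.
REQUIRED = [
    (389, ("tcp", "udp"), "LDAP"),
    (3268, ("tcp",), "LDAP GC"),
    (88, ("udp", "tcp"), "Kerberos Auth"),
    (464, ("udp", "tcp"), "Kerberos Change Password"),
    (53, ("tcp", "udp"), "DNS"),
    (445, ("tcp", "udp"), "SMB"),
]
OPTIONAL = [(123, ("udp",), "SNTP"), (22, ("tcp", "udp"), "SSH/SSHD")]

def tcp_state(host, port, timeout=3.0):
    """Return 'open', 'refused' or 'filtered' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A reset came back: nothing is listening, or a firewall rejects actively.
        return "refused"
    except OSError:
        # Timeout, no route, ICMP unreachable or name resolution failure.
        return "filtered"

def check(host, table, probe=tcp_state):
    """Probe every entry that has a TCP side; UDP-only entries are 'unchecked'."""
    results = []
    for port, transports, service in table:
        state = probe(host, port) if "tcp" in transports else "unchecked"
        results.append((port, service, state))
    return results

def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} <domain-controller>", file=sys.stderr)
        return 2
    failed = False
    for label, table in (("required", REQUIRED), ("optional", OPTIONAL)):
        for port, service, state in check(argv[1], table):
            print(f"{label:8} {port:>5}  {service:26} {state}")
            failed = failed or (label == "required" and state != "open")
    return 1 if failed else 0  # non-zero exit if any required TCP port is not open

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A `filtered` result for a required port usually points at a firewall dropping traffic, while `refused` means the packet reached a host that answered with a reset.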