Question:
What are the ports that need to be opened in a firewall for Centrify DirectControl and DirectAudit to operate successfully?
Answer:
Ports that must be open for a Unix or Linux computer to join the Active Directory domain and authenticate through a firewall are:

| Port | Protocol | Service |
| --- | --- | --- |
| 389 | TCP/UDP | LDAP |
| 3268 | TCP | LDAP GC |
| 88 | UDP/TCP | Kerberos Auth |
| 464 | UDP/TCP | Kerberos Change Password |
| 53 | TCP/UDP | DNS |
| 445 | TCP/UDP | SMB |

Other possible ports required:

| Port | Protocol | Service |
| --- | --- | --- |
| 123 | UDP | SNTP (Simple Network Time Protocol). Time synchronization with the domain controller is essential to CDC mechanisms. However, this port can be closed provided the external servers can get accurate time updates. |
| 22 | TCP/UDP | SSH/SSHD (including PuTTY, OpenSSH) |

For further info, please see the attached document.
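
To confirm the firewall rules before attempting a join, the following added example (not Centrify code) probes the TCP side of each port listed above from the Unix or Linux host and separates a refused connection from a silently dropped one. It assumes Python 3 on the host and a domain controller name or address that you supply; the function names are hypothetical, and UDP is not probed because a UDP send with no reply is inconclusive.

```python
import socket
import sys

# (port, protocols, service, required) copied from the tables above.
PORTS = [
    (389, "TCP/UDP", "LDAP", True),
    (3268, "TCP", "LDAP GC", True),
    (88, "UDP/TCP", "Kerberos Auth", True),
    (464, "UDP/TCP", "Kerberos Change Password", True),
    (53, "TCP/UDP", "DNS", True),
    (445, "TCP/UDP", "SMB", True),
    (123, "UDP", "SNTP", False),
    (22, "TCP/UDP", "SSH/SSHD", False),
]

def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP connect attempt.

    open     - handshake completed
    refused  - reset received: host reachable, no listener or a firewall REJECT
    filtered - timeout or unreachable, typical of a firewall DROP
    error    - the host name could not be resolved
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.gaierror:
        return "error"
    except OSError:  # timeouts and host/network unreachable land here
        return "filtered"

def check_host(host, ports=PORTS, timeout=3.0):
    """Probe the TCP side of every entry; UDP-only entries are listed, not probed."""
    results = []
    for port, protos, service, required in ports:
        state = probe_tcp(host, port, timeout) if "TCP" in protos else "not-probed"
        results.append({"port": port, "service": service,
                        "required": required, "state": state})
    return results

def blocked_required(results):
    """Ports from the first table whose TCP probe did not complete."""
    return [r["port"] for r in results if r["required"] and r["state"] != "open"]

if __name__ == "__main__":
    res = check_host(sys.argv[1])  # argument: your domain controller
    for r in res:
        print(f"{r['port']:>5}  {r['service']:<26} {r['state']}")
    sys.exit(1 if blocked_required(res) else 0)
```

A `filtered` result on a required port usually points at a firewall between the host and the domain controller, while `refused` means the packet arrived but nothing accepted it.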