Hi Kirk,

Windows 2000 AD authentication uses LDAP, so you need to open other ports too, like LDAP: 389 UDP/TCP and 3268 TCP, Kerberos: 88 UDP/TCP and maybe other ones, like 135 TCP (RPC Service).

What version of Windows are you using?

-----Original Message-----
From: Kirk [mailto:whereisgui@xxxxxxxxx]
Sent: Tuesday, 3 May 2005 15:07
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: rules to allow a machine to join a windows domain

Hello everyone,

I need to start moving three Windows servers behind a firewall. Could someone tell me what ports I need to open so that the servers can join a Windows domain?

I already allow access to DNS (udp 53, tcp 53) and WINS (tcp 137) servers but the test server still can't join the domain. The error I get is "a domain controller could not be contacted".

I should point out that I'm able to connect to websites from the test server and I can connect to the web server I installed for testing incoming connections. Also, I'm able to join the domain when I take the machine off the firewall.

Any hints will be appreciated.

Thanks,
-K
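As an added example (not from either poster), here is a small script that generates the netfilter FORWARD rules for the ports named in this thread. It assumes the firewall is the Linux box in front of the servers, a FORWARD chain with a default DROP policy plus a stateful ESTABLISHED,RELATED accept already in place, and placeholder addresses 10.0.1.0/24 for the member servers and 10.0.2.10 for the domain controller. It goes beyond the reply by also listing the SMB/NetBIOS, NTP and RPC dynamic-range ports a domain join uses.

```shell
#!/bin/sh
# Constructed example: print iptables FORWARD rules so that Windows member
# servers behind a netfilter firewall can reach a domain controller.
# The addresses are placeholders (assumptions, not from the list thread).
MEMBERS="${MEMBERS:-10.0.1.0/24}"   # subnet of the servers being joined
DC="${DC:-10.0.2.10}"               # domain controller address

# One "proto port comment" entry per line. The first block is what the
# thread names; the second block adds ports a domain join also needs.
AD_PORTS='
udp 53   DNS
tcp 53   DNS
udp 137  NetBIOS-name-service/WINS
tcp 137  NetBIOS-name-service/WINS
udp 88   Kerberos
tcp 88   Kerberos
udp 389  LDAP
tcp 389  LDAP
tcp 3268 LDAP-global-catalog
tcp 135  RPC-endpoint-mapper
tcp 445  SMB-SYSVOL-NETLOGON
tcp 139  NetBIOS-session
udp 138  NetBIOS-datagram
udp 123  NTP-Kerberos-needs-clock-sync
'

# Print one rule per entry. Only NEW connections from the members to the
# DC are allowed; replies rely on the existing ESTABLISHED,RELATED rule.
ad_join_rules() {
    printf '%s\n' "$AD_PORTS" | while read -r proto port comment; do
        [ -n "$proto" ] || continue
        printf 'iptables -A FORWARD -s %s -d %s -p %s --dport %s -m state --state NEW -j ACCEPT # %s\n' \
            "$MEMBERS" "$DC" "$proto" "$port" "$comment"
    done
    # After the port-135 handshake, RPC continues on a dynamic high port;
    # on Windows 2000/2003 the default range is 1024-5000 (assumes defaults).
    printf 'iptables -A FORWARD -s %s -d %s -p tcp --dport 1024:5000 -m state --state NEW -j ACCEPT # RPC-dynamic\n' \
        "$MEMBERS" "$DC"
}

# Number of generated rules, so a caller can sanity-check the output.
ad_rule_count() { ad_join_rules | wc -l | tr -d ' '; }

# Print the rules; review them, then pipe through sh as root to apply.
ad_join_rules
```

Narrow `-d` to the real DC addresses rather than a whole subnet, and confirm the RPC range on the DC before opening it, since a wide high-port allowance is the rule most worth tightening.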