
port on ubuntu

Last Modified: 2020-01-24
On my Ubuntu 18 (LXD) I need to open port 389 for LDAP.
I used the command ufw allow 389
and checked the firewall; the port is open.
From remote I connect: telnet "my_server_ip" 389
Connection refused.
I stopped the firewall on "my_server"
and tried from remote: telnet "my_server_ip" 389 : still connection refused
(port 23 for telnet is open). What is wrong?
From the server itself, telnet "server_name" 389 is working.

From remote:
nmap "my_server_ip" -Pn 389

Nmap scan report for 389 (0.0.1.133)
Host is up.
All 1000 scanned ports on 389 (0.0.1.133) are filtered

Nmap done: 2 IP addresses (2 hosts up) scanned in 4.19 seconds

But nmap "my_server_ip" -P 389

shows all open ports, and 389 is not among them.

Author

Commented:
Trying from the application:
Unable to connect to ldap://ldap:389 : javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unauthenticated binds are not allowed]
CERTIFIED EXPERT

Commented:
You have a secondary firewall kicking in, possibly the one on the LXD host rather than the guest.

Author

Commented:
No, it was a DNS mismatch in my FreeIPA. I can run it correctly now, but from the application I get the error
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unauthenticated binds are not allowed]
CERTIFIED EXPERT

Commented:
You probably need to authenticate using v2c or v3.

Author

Commented:
What does it mean? How?
David Favor, Fractional CTO
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Background: I've worked with LXC/LXD since the first codebase release. I also worked across the move to Netplan-based networking, and across the move from APT to SNAP.

To get this working a fair bit of detail is required.

1) Mention the history of your machine install process, specifically whether you did a fresh install or an in-place update.

2) Mention whether your LXD version was a fresh SNAP install or an in-place update from APT.

3) Mention if other ports are accessible.

4) Mention whether disabling all iptables rules at machine level and inside the container allows access to port 389 or not.

5) First let's make sure you're running the correct version of LXD.

Check this command...

dpkg -l | egrep -e lxc -e lxd

If any output is produced, use apt-get purge on every package reported, then do the following...

snap install lxd
snap refresh
reboot

After the reboot, these two commands should show exactly the same LXD version. If not, this must be fixed before proceeding.

net14 # snap list
Name  Version    Rev    Tracking  Publisher   Notes
core  16-2.42.5  8268   stable    canonical✓  core
lxd   3.18       12631  stable    canonical✓  -

net14 # lxd --version
3.18

# Your ~/.bashrc must put the SNAP version of the LXD commands on your PATH
net14 # which lxd
/snap/bin/lxd

6) Provide the output of the following commands, all issued at machine level.

uname -a

lsb_release -a

snap list

which lxc

/bin/ls -l /etc/network

/bin/ls -l /etc/netplan

/bin/ls -l /etc/systemd/network

cat /etc/systemd/network/50-default.network

route -n

lxc list

noci, Software Engineer
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
First, port 23 doesn't need to be opened.

For a server to respond to a service call on a port, two things need to be done:
1) Allow access through the firewall.
2) Start the service configured on that port.
(Is LDAP configured to listen on 389, or SSL LDAP only (port 636)?)

In your case the problem is most likely that the LDAP service is not running as root (only uid=0 processes are allowed to open ports 1-1023), as your log message seems to indicate.

If the message is from a client, you need a username/password to be able to connect to the LDAP service.
CERTIFIED EXPERT

Commented:
Those are parameters you pass to the client.

Using ldapsearch, the option is -v, but you are using a Java client. The code or parameters should help. Apparently it runs ldap_bind without authentication, which the server rejects.

@noci @david: he already solved the network issue, which was due to a wrong DNS. The current error message is somewhere above.
Software Engineer
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
So my last remark is useful:

If the message is from a client, you need a username/password to be able to connect to the LDAP service.

Author

Commented:
It's working now. The password was mismatched.
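The thread's two LDAP failures, result code 53 (the server refuses an unauthenticated bind) and then a wrong password, are both bind-time problems on the Java client side. The following is an added example, not code from the thread or from FreeIPA: a small JNDI simple-bind helper that refuses to send an empty password (with SECURITY_AUTHENTICATION=simple, JNDI turns an empty credential into an "unauthenticated" bind, which is exactly what a directory server rejects with code 53) and that separates the server's responses so the two causes are not confused. The URL, bind DN and the LDAP_BIND_PW environment variable are hypothetical placeholders.

```java
import java.util.Arrays;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.OperationNotSupportedException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/** Added example: JNDI simple bind that never sends an unauthenticated bind. */
public final class LdapSimpleBind {

    /**
     * Builds the JNDI environment for an authenticated simple bind.
     * With SECURITY_AUTHENTICATION=simple and an empty SECURITY_CREDENTIALS,
     * JNDI sends a bind request carrying a DN but no password (RFC 4513
     * "unauthenticated" bind). A directory server configured to disallow
     * that answers with result code 53 (unwillingToPerform), the error seen
     * in the thread, so the empty-password case is rejected locally instead.
     */
    static Hashtable<String, String> bindEnv(String url, String bindDn, char[] password) {
        if (bindDn == null || bindDn.isEmpty()) {
            throw new IllegalArgumentException("bind DN is required for a simple bind");
        }
        if (password == null || password.length == 0) {
            throw new IllegalArgumentException(
                "empty password would be sent as an unauthenticated bind (LDAP result 53)");
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, new String(password));
        // A simple bind carries the password in clear text. On a plain ldap://
        // URL that is only acceptable inside a trusted network; otherwise use
        // ldaps://host:636 or the StartTlsRequest extended operation first.
        return env;
    }

    public static void main(String[] args) {
        // Hypothetical values; the real URL and bind DN come from the deployment.
        String url = "ldap://ldap.example.test:389";
        String bindDn = "uid=app-svc,cn=users,cn=accounts,dc=example,dc=test";
        String fromEnv = System.getenv("LDAP_BIND_PW");   // keep the secret out of source
        char[] password = fromEnv == null ? new char[0] : fromEnv.toCharArray();

        try {
            DirContext ctx = new InitialDirContext(bindEnv(url, bindDn, password));
            System.out.println("bind OK as " + bindDn);
            ctx.close();
        } catch (IllegalArgumentException e) {
            // Never reached the network: the request would have been rejected anyway.
            System.err.println("refused locally: " + e.getMessage());
        } catch (OperationNotSupportedException e) {
            // LDAP result 53: server policy refused the bind (the thread's first error).
            System.err.println("server unwilling to perform: " + e.getMessage());
        } catch (AuthenticationException e) {
            // LDAP result 49: DN/password mismatch (the thread's final cause).
            System.err.println("invalid credentials: " + e.getMessage());
        } catch (NamingException e) {
            // Anything else: unreachable host, DNS mismatch, TLS failure, ...
            System.err.println("naming failure: " + e.getMessage());
        } finally {
            Arrays.fill(password, '\0');   // do not leave the password in memory
        }
    }
}
```

Run it with LDAP_BIND_PW set; with the variable unset it stops before sending anything, which is the behaviour a client should have rather than relying on the server's policy to block the unauthenticated bind. Keeping result 53 and result 49 in separate catch blocks is what lets an operator tell "the client never sent a password" apart from "the password was wrong", the distinction the thread needed two rounds to reach.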