Samba should use the RPC port range of Windows 2008 and newer. Those are the ports defined my Microsoft and normally opened in internal firewalls. See details here: https://support.microsoft.com/en-us/kb/179442 Patch will follow to use the default range for Win2008 and make it configureable.
Created attachment 12864 [details] patchset for 4.6
Created attachment 12865 [details] WHATSNEW update
Comment on attachment 12865 [details] WHATSNEW update I think this should be added to the "new options for controlling TCP ports used for RPC services" section (while making it explicit that one option only applies to the ad-dc and the other to all roles). It should also be added to the smb.conf changes section.
Created attachment 12900 [details] WHATSNEW update v2
Comment on attachment 12900 [details] WHATSNEW update v2 I think should add a note that one option only applies to the ad dc and the other one to all server roles.
Created attachment 12934 [details] WHATSNEW for 4.6
I thought this made it to Samba 4.6, but the WHATSNEW.txt entry didn't get the required review ...
Too late for Samba 4.6 :(