Basic authentication on a network consists of several steps. First, the client locates a domain controller (DC), which requires DNS connectivity–port 53 on UDP and TCP. Next, the client performs a connectivity test by using a Lightweight Directory Access Protocol (LDAP) Ping–port 389 over UDP. Then, the client uses Kerberos (port 88 via UDP and TCP) and Server Message Block (SMB, port 445 via UDP and TCP) to complete the authentication to the DC. Therefore, you must enable all these ports.