cm_prepare_connection() & SMBSERVER Netbios query

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue Dec 14 01:16:49 MST 2010

On Tue, Dec 14, 2010 at 07:24:44AM +0000, Dina_Fine at wrote:
> > > Sure, sounds perfectly reasonable. The simplest way would be to just
> > > skip 139 if winbind knows that a domain is AD. 
> What do you mean if winbind knows that a domain is AD - what else can it be?

Well, there are Samba domain controllers around, and I bet
there are still NT4 domains in production.

> Why winbind needs 139 at all? Is it used for some real
> netbios purpose? Can it try to open only port 445?

For Samba upstream I fear that we break installations with
broken firewall setups where port 445 is blocked and port
139 is allowed. We used to attempt a connection to 139, and
just dropping that might break sites unnecessarily.

> I ask those questions because we also have a product with
> samba 3.0.37 and I want to make a very small change there.
> Your patch is relevant to 3.5.x which I will test later on
> our other product branch.

For your 3.0.37 build I would just delete the code that
connects to port 139. Probably you have a sufficient path to
your customers to explain this change and the implications
required for the firewall setups. With upstream Samba we
don't have a real path to all our customers.


More information about the samba-technical mailing list