cm_prepare_connection() & SMBSERVER Netbios query

Dina_Fine at Dell.com Dina_Fine at Dell.com
Tue Dec 14 01:21:30 MST 2010


Alright, thanks
Just one more question: It means that with AD 2008 around you will need the port 445 be opened anyhow, correct? (since AD 2008 doesn't support *SMB_SERVER general name query)

Thanks
Dina

> -----Original Message-----
> From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE]
> Sent: 14 December, 2010 10:17
> To: Fine, Dina
> Cc: samba-technical at lists.samba.org
> Subject: Re: cm_prepare_connection() & SMBSERVER Netbios query
> 
> On Tue, Dec 14, 2010 at 07:24:44AM +0000, Dina_Fine at Dell.com wrote:
> > > > Sure, sounds perfectly reasonable. The simplest way would be to just
> > > > skip 139 if winbind knows that a domain is AD.
> >
> > What do you mean if winbind knows that a domain is AD - what else can it be?
> 
> Well, there are Samba domain controllers around, and I bet
> there are still NT4 domains in production.
> 
> > Why winbind needs 139 at all? Is it used for some real
> > netbios purpose? Can it try to open only port 445?
> 
> For Samba upstream I fear that we break installations with
> broken firewall setups where port 445 is blocked and port
> 139 is allowed. We used to attempt a connection to 139, and
> just dropping that might break sites unnecessarily.
> 
> > I ask those questions because we also have a product with
> > samba 3.0.37 and I want to make a very small change there.
> > Your patch is relevant to 3.5.x which I will test later on
> > our other product branch.
> 
> For your 3.0.37 build I would just delete the code that
> connects to port 139. Probably you have a sufficient path to
> your customers to explain this change and the implications
> required for the firewall setups. With upstream Samba we
> don't have a real path to all our customers.
> 
> Volker


More information about the samba-technical mailing list