[PATCH] honour 'disable netbios' to discourage messing with 'server services'

Dewayne Geraghty dewayne.geraghty at heuristicsystems.com.au
Wed Feb 6 21:21:22 MST 2013 

> -----Original Message-----
> From: Andrew Bartlett [mailto:abartlet at samba.org] 
> Sent: Wednesday, 6 February 2013 9:05 PM
> To: Dewayne Geraghty
> Cc: samba-technical at samba.org
> Subject: [PATCH] honour 'disable netbios' to discourage 
> messing with 'server services'
> 
> On Wed, 2013-02-06 at 15:42 +1100, Dewayne Geraghty wrote:
> 
> > For the FreeBSD folk, because this is a FreeBSD 9.1 jail 
> this message is produced during a 4.0.1 server startup:
> > 	Failed to bind to 10.0.5.255:137 - 
> NT_STATUS_ADDRESS_NOT_ASSOCIATED 
> > Which I ignore for the time being as samba boots.  However 
> on 4.0.3 the behaviour is different
> > 	Failed to bind to 10.0.5.255:137 - 
> NT_STATUS_ADDRESS_NOT_ASSOCIATED
> > 	task_server_terminate: [nbtd failed to setup interfaces]
> > 	samba_terminate: nbtd failed to setup interfaces And 
> stops. So I 
> > removed nbt from the "server services" line above.
> > 
> > Win PC's can depart, join, login and access fileshares; and 
> smbclient -k works nicely.
> > The homedrive isn't being mapped, but that's a different matter
> 
> Dewayne,
> 
> I'm not sure why a FreeBSD jail restricts Samba from 
> listening on this socket, but the 'fail all of samba' 
> behaviour is quite deliberate.  We do not want to debug 'half 
> of samba' configurations, at least for now all services a required.  
> 
> It may well still appear to work, assuming nothing else (eg 
> nmbd) attempts to provide a conflicting service, because a 
> well functioning modern client will use DNS in preference, 
> but we do not recommend it.  
> 
> Instead, work out why you cannot bind to this port.  (We bind 
> to broadcast sockets due to the nature of nbt broadcasts.  
> I'm not sure of the exact details however). 
> 
> If you want to disable using netbios on your network, please 
> test the attached patch for me, by setting 'disable netbios = 
> yes' in the smb.conf.  The nbt server should not start, nor 
> should we use it as a client.  (This patch does not make nmbd 
> honour this setting yet however)
> 
> Andrew Bartlett
> 
> -- 
> Andrew Bartlett                                
> http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> 
> 

Results of the patch (before,after):
With smb.conf:
  server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
Result:
  task_server_terminate: [nbtd failed to setup interfaces]
  samba_terminate: nbtd failed to setup interfaces

With smb.conf:
  server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
  disable netbios = yes
Result - OK (no nbt)

This now performs as expected using "disable netbios".  Thank-you.

In regard to port 137, from truss I obtain this snippet. 

fcntl(36,F_SETFL,O_NONBLOCK|0x2)                 = 0 (0x0)
__sysctl(0x7fffffffd450,0x6,0x0,0x7fffffffd468,0x0,0x0) = 0 (0x0)
__sysctl(0x7fffffffd450,0x6,0x81e43b600,0x7fffffffd468,0x0,0x0) = 0 (0x0)
socket(PF_INET,SOCK_DGRAM,0)                     = 37 (0x25)
fcntl(37,F_GETFD,)                               = 0 (0x0)
fcntl(37,F_SETFD,FD_CLOEXEC)                     = 0 (0x0)
fcntl(37,F_GETFL,)                               = 2 (0x2)
fcntl(37,F_SETFL,O_NONBLOCK|0x2)                 = 0 (0x0)
setsockopt(0x25,0xffff,0x20,0x7fffffffd304,0x4,0x20) = 0 (0x0)
setsockopt(0x25,0xffff,0x4,0x7fffffffd2a4,0x4,0x4) = 0 (0x0)
bind(37,{ AF_INET 10.0.5.255:137 },16)           ERR#49 'Can't assign requested address'
Failed to bind to 10.0.5.255:137 - NT_STATUS_ADDRESS_NOT_ASSOCIATED
write(1,"Failed to bind to 10.0.5.255:137"...,68) = 68 (0x44)
close(37)                                        = 0 (0x0)

Prior to & after running samba, "netstat -na" shows
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 10.0.5.241.953         *.*                    LISTEN
tcp4       0      0 10.0.5.241.53          *.*                    LISTEN
udp4       0      0 10.0.5.241.53          *.*
udp4       0      0 10.0.5.241.514         *.*
Active UNIX domain sockets
...

The interface is configured from "ifconfig blue |egrep "flags|inet"
blue: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 10.0.5.241 netmask 0xffffff00 broadcast 10.0.5.255

This server is dedicated to learning about Samba4, the other services running are: ssh, syslog. 

Is there's something else I can do to help narrow the problem?
Kind regards, Dewayne.

More information about the samba-technical mailing list