[Samba] samba without netbios

William Burns bburns at aeroflex.com
Tue Oct 25 13:12:12 GMT 2005

>On Monday 24 October 2005 14:06, julius Junghans wrote:
>>ive read a lot in the howto about netbios/ddns, but im still confused if
>>its possible for samba to only use tcp/ip without netbios.
>>are there any howtos for this topic that are not mentioned in the samba3
John H Terpstra wrote:

>Please point me to the documentation (section and page number please) that you 
>have referred to and that is not clear to you. I need to know so I can fix 
I don't know what Julius is looking at but...
I'm looking into similar docs re: DFS not working on SAMBA servers that
are referred to w/ fully.qualified.sub.domains... (even though a
straight samba share WILL work under that name)

I figure that all the info that Julius needs is in the docs...
Here's how he might proceed to get where he wants to go.

At the bottom of this section:
http://us3.samba.org/samba/docs/Samba-Guide.pdf Routed Networks - Page 480

There's a pretty definitive sounding statement:

> Note
> The use of DNS is not an acceptable substitute
> for WINS. DNS does not store specific
> information regarding NetBIOS networking
> particulars that get stored in the WINS
> name resolution database and that Windows
> clients require and depend on.

That sounds like a "no".

But, later in section
"15.1 Joining a Domain: Windows 200x/XP Professional"
at the bottom of page 495, there's this:

> Where NetBIOS technology uses WINS as well as UDP broadcast
> as key mechanisms for name resolution, Active Directory
> servers register their services with the Microsoft Dynamic DNS
> server. Windows clients must be able to query the correct DNS
> server to find the services (like which machines are domain controllers
> or which machines have the Netlogon service running).

So, sometime you HAVE to use DNS....
Later there's a note that you don't have to do this [DNS] if you're in a
SAMBA domain.
But... Does this mean I can disable Netbios/Netbeui?

There's A direct answer to Julius' question in section
"16.5 Questions and Answers"
at the bottom of page 554

> 6. Q: Is it possible to reduce network broadcast activity with
> Samba-3?
> A: Yes, there are two ways to do this. The first involves
> use of WINS (See TOSHARG2, Chapter 9, Section 9.5, “WINS
> — The Windows Inter-networking Name Server”); the alternate
> method involves disabling the use of NetBIOS over TCP/IP. This
> second method requires a correctly configured DNS server (see
> TOSHARG2, Chapter 9, Section 9.3, “Discussion”)

Plus the following note:

> Note
> Use of SMB without NetBIOS is possible only
> on Windows 200x/XP Professional clients
> and servers, as well as with Samba-3.

Personally, I find the answer to question 6 a little confusing because I
*thought* that in Win'9x, disabling "NetBIOS over TCP/IP" meant that
you'd get no SMB traffic on the TCP/IP side of that client. (It'd be all

This Win' 9x "NetBIOS over TCP/IP" config feature does not exist in Win'
XP as such, but is provided by Win' XP's "TCP/IP NetBIOS Helper" in
Control-Panel/Services which "Enables support for NetBIOS over TCP/IP
(NetBT) service and NetBIOS name resolution"
This service sometimes inexplicably gets turned off, causing the Win'XP
client to fail to use DNS resolution to resolve SMB names.

But... it IS possible....
That brings us to this section
which is not numbered in the html version ??? but in the PDF version has
a section number:
"9.3.2 TCP/IP without NetBIOS"
On page 151 we learn:

> Use of raw SMB over TCP/IP (No NetBIOS layer) can be done only with
> Active Directory domains. Samba is not an Active Directory domain 
> controller:
> ergo, it is not possible to run Samba as a domain controller and at
> the same time not use NetBIOS.

But, it should be possible to do this w/ a stand-alone SAMBA server.

And then, a very interesting statement:

> Where Samba is used as an Active Directory
> domain member server (DMS) it is possible to configure Samba to not
> use NetBIOS over TCP/IP.

This is interesting because I *thought* that I was concerned about
replacing NetBIOS w/ DNS name resolution on my Win'XP clients.
Is this also about how SAMBA resolves names?
I hadn't given any thought to the possibility that SAMBA might need to
resolve an IP from a PC name.., or even know the PC name at all...
IS this a requirement? I mean, isn't the smbd process passive? Maybe

> if NetBIOS over TCP/IP is disabled, it is
> necessary to manually create appropriate DNS entries for the Samba DMS
> because they will not be automatically generated either by Samba, or by
> the ADS environment.

Now, it seems like I've been told that: if I want to have a SAMBA server
without NetBIOS (only DNS) name services enabled on the clients, my only
hope is to get a SAMBA member server into my Active Directory domain.
I'd expect to see the SRV records that I need to put into A.D. spelled
Is that what's on page 152?

Instead, it looks like lots of stuff that an AD domain puts into DNS is
I don't get the idea that these are the few things that I need to ADD to
an existing MS-DNS server in order to get my member server going.
(Am I wrong?)

Then I'm supposed to double-check my work by looking on a DNS server
named frodo for what provides LDAP service for
"_ldap._tcp.dc._msdcs.quenya.org" ?

Phew... That was supposed to convince me that SAMBA/AD domain membership
is not for the faint-of-heart, right?
Either that, or it was supposed to encourage me (w/ a wink) to take on
the challenge of going straight to doing everything w/ a linux-based DNS
server in place of MS-DNS.

Which.... Might cause me to look at the section on DDNS, and DHCP, where
I *think* Julius was looking....
And I might be encouraged to tilt at the ISC vs. MS DNS windmill. (It
would be cool, wouldn't it?)

But I, as a non-unix-wizard, should really be looking back at:
"6.3 Domain Member Server"
"6.4 Samba ADS Domain Membership"
on Page 107.

> This is a rough guide to setting up Samba-3 with Kerberos authentication
> against a Windows 200x KDC. A familiarity with Kerberos is assumed.

Where I can bite the kerberos configuration bullet, and refer to a few
microsoft documents to help me get a SAMBA server kerberized right into
an AD domain.
And then, when I've got that done, I can turn off NetBIOS over TCP/IP on
my Win'XP clients.
At least... I think that's the intent of the docs... If I was reading
that right.


More information about the samba mailing list