[Samba] samba without netbios

julius Junghans julius.junghans at gmx.de
Wed Oct 26 12:23:59 GMT 2005

John H Terpstra wrote:

>OK - I'll try to answer this.
>Originally Windows networking used only NetBIOS over TCP/IP.
>Browsing uses a complex interaction of name registration and resolution 
>involving UDP ports 137 and 138. Port 137 is the NetBIOS Name Server port, 
>but it is also used to handle all browsing operations. Browsing is the 
>ability to locate domains and machines over the network.
>A NetBIOS machine name must be resolved to its IP address. This can be done 
>using WINS using NetBIOS unicast requeries over unicast UDP, or via NetBIOS 
>broadcasts over UDP broadcast using port 137.
>File and print sharing operations under NetBIOS over TCP/IP are performed over 
>TCP port 139. Both ends of the NetBIOS over TCP/IP connection must know each 
>others NetBIOS name. Name resolution is vital to NetBIOS over TCP/IP 
>operation - WINS is your friend because it adds reliability and reduces 
>network UDP traffic.
>Windows 2000 introduces ADS!
>Enter Windows 2000 with ADS, and the ability to disable NetBIOS over TCP/IP.
>In its place Windows 200X uses DNS, Kerberos, LDAP, and Raw SMB over TCP/IP.
>The DNS, Kerberos and LDAP services run over the standard well-known ports.
>Raw SMB over TCP/IP uses TCP port 445.
>On Windows 200X clients, when NetBIOS over TCP/IP is disabled, and an attempt 
>is made to join a domain, the client automatically tries to use the 
>combination of DNS, Kerberos, LDAP and TCP port 445 services with the 
>expectation that Microsoft Active Directory is being used. In order to remain 
>backwards compatible, TCP port 139 can also be used.
>The mechanisms behind TCP ports 139 and 445 are very different. A connection 
>made on port 445 must be able to resolve the fully qualified hostname using 
>the protocols expected within ADS. That is, via DNS using SRV records as well 
>as A records. Additionally, the client will try to use Kerberos information 
>to contact the DNS server and the LDAP server. It expects to find SMB 
>information in the Kerberos PAC (a data blob inside the Kerberos ticket that 
>is unique to ADS's implementation).
>With ADS browsing involves DNS, LDAP and Raw SMB traffic over ports 445 and 
>139. The client expects all the information that it wold obtain if it were a 
>member of an ADS domain.
>Samba-3 supports port 445 and all operations necessary to be an ADS domain 
>member server. It can not be an ADS server, and it can not be an ADS domain 
>controller. That functionality is being added in the Samba-4 project.
>What this means is, that if you disable NetBIOS over TCP/IP on your clients 
>and on Samba-3, you will not be able to browse the network. Additionally, 
>Samba can NOT be a domain controller. It can be a stand-alone server without 
>NetBIOS over TCP/IP.
>Samba-3 can be a file and print server for Windows clients that have NetBIOS 
>disabled - but some things may break.
>In short, NetBIOS-less SMB implies ADS. Samba-3 is not an ADS server. Ergo, NO 
>ADS for all practical purposes means DOES NOT WORK.

Thx for the awnser,

so no real solution until samba 4.


More information about the samba mailing list