[Samba] samba without netbios
julius.junghans at gmx.de
Wed Oct 26 12:23:59 GMT 2005
John H Terpstra wrote:
>OK - I'll try to answer this.
>Originally Windows networking used only NetBIOS over TCP/IP.
>Browsing uses a complex interaction of name registration and resolution
>involving UDP ports 137 and 138. Port 137 is the NetBIOS Name Server port,
>but it is also used to handle all browsing operations. Browsing is the
>ability to locate domains and machines over the network.
>A NetBIOS machine name must be resolved to its IP address. This can be done
>using WINS using NetBIOS unicast queries over unicast UDP, or via NetBIOS
>broadcasts over UDP broadcast using port 137.
>File and print sharing operations under NetBIOS over TCP/IP are performed over
>TCP port 139. Both ends of the NetBIOS over TCP/IP connection must know each
>other's NetBIOS name. Name resolution is vital to NetBIOS over TCP/IP
>operation - WINS is your friend because it adds reliability and reduces
>network UDP traffic.
>Windows 2000 introduces ADS!
>Enter Windows 2000 with ADS, and the ability to disable NetBIOS over TCP/IP.
>In its place Windows 200X uses DNS, Kerberos, LDAP, and Raw SMB over TCP/IP.
>The DNS, Kerberos and LDAP services run over the standard well-known ports.
>Raw SMB over TCP/IP uses TCP port 445.
>On Windows 200X clients, when NetBIOS over TCP/IP is disabled, and an attempt
>is made to join a domain, the client automatically tries to use the
>combination of DNS, Kerberos, LDAP and TCP port 445 services with the
>expectation that Microsoft Active Directory is being used. In order to remain
>backwards compatible, TCP port 139 can also be used.
>The mechanisms behind TCP ports 139 and 445 are very different. A connection
>made on port 445 must be able to resolve the fully qualified hostname using
>the protocols expected within ADS. That is, via DNS using SRV records as well
>as A records. Additionally, the client will try to use Kerberos information
>to contact the DNS server and the LDAP server. It expects to find SMB
>information in the Kerberos PAC (a data blob inside the Kerberos ticket that
>is unique to ADS's implementation).
>With ADS browsing involves DNS, LDAP and Raw SMB traffic over ports 445 and
>139. The client expects all the information that it would obtain if it were a
>member of an ADS domain.
>Samba-3 supports port 445 and all operations necessary to be an ADS domain
>member server. It can not be an ADS server, and it can not be an ADS domain
>controller. That functionality is being added in the Samba-4 project.
>What this means is, that if you disable NetBIOS over TCP/IP on your clients
>and on Samba-3, you will not be able to browse the network. Additionally,
>Samba can NOT be a domain controller. It can be a stand-alone server without
>NetBIOS over TCP/IP.
>Samba-3 can be a file and print server for Windows clients that have NetBIOS
>disabled - but some things may break.
>In short, NetBIOS-less SMB implies ADS. Samba-3 is not an ADS server. Ergo, NO
>ADS for all practical purposes means DOES NOT WORK.
Thx for the answer,
so no real solution until Samba 4.
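The difference John describes between the two transports (both ends needing each other's NetBIOS name on TCP 139, versus direct SMB on TCP 445) shows up on the wire as two different framings. The following is an added example, not code from the thread or from Samba, that builds and parses both frames using the RFC 1001/1002 name encoding; the host names are constructed samples. It is the kind of parser one writes when reading captures or checking what a firewall rule for 139 versus 445 actually lets through.

```python
"""NetBIOS session service (TCP 139) vs direct-hosted SMB (TCP 445) framing."""
import struct

NBSS_SESSION_MESSAGE = 0x00   # type byte of a plain session message (139) and of every 445 frame
NBSS_SESSION_REQUEST = 0x81   # type byte of the session request that must precede SMB on 139
SUFFIX_SERVER = 0x20          # NetBIOS name suffix for the file server service
SUFFIX_WORKSTATION = 0x00     # suffix for the workstation service (the calling name)


def encode_netbios_name(name: str, suffix: int, pad: bytes = b" ") -> bytes:
    """RFC 1002 first-level encoding: 15 name bytes + 1 suffix byte, each byte split
    into two nibbles and each nibble written as 'A' + nibble (32 chars), preceded by
    the label length (0x20) and followed by an empty scope (0x00): 34 bytes total."""
    raw = name.upper().encode("ascii").ljust(15, pad)[:15] + bytes([suffix])
    encoded = bytearray()
    for b in raw:
        encoded += bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)])
    return bytes([32]) + bytes(encoded) + b"\x00"


def decode_netbios_name(data: bytes) -> tuple[str, int]:
    """Inverse of encode_netbios_name; returns (name without padding, suffix)."""
    if data[0] != 32:
        raise ValueError("not a first-level encoded NetBIOS name")
    enc = data[1:33]
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(" \x00"), raw[15]


def build_session_request(called: str, calling: str) -> bytes:
    """Port 139: the client names the server it wants and itself before any SMB flows."""
    body = encode_netbios_name(called, SUFFIX_SERVER) + encode_netbios_name(calling, SUFFIX_WORKSTATION)
    return bytes([NBSS_SESSION_REQUEST, 0x00]) + struct.pack(">H", len(body)) + body


def build_direct_smb_frame(smb: bytes) -> bytes:
    """Port 445: a zero byte and a 24-bit big-endian length, then SMB; no NetBIOS names at all."""
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


def classify_frame(frame: bytes) -> dict:
    """Summarise a captured frame: session request (139 only) or session message (139 or 445)."""
    if frame[0] == NBSS_SESSION_REQUEST:
        body = frame[4:4 + struct.unpack(">H", frame[2:4])[0]]
        called, calling = decode_netbios_name(body[:34]), decode_netbios_name(body[34:68])
        return {"transport": "netbios-session-request", "called": called, "calling": calling}
    if frame[0] == NBSS_SESSION_MESSAGE:
        length = int.from_bytes(frame[1:4], "big")
        return {"transport": "session-message", "smb_length": length,
                "smb_signature": frame[4:8]}
    raise ValueError(f"unknown NBSS type 0x{frame[0]:02x}")
```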