[Samba] Minimal configuration for Name Service
Marc Muehlfeld
samba at marc-muehlfeld.de
Wed Feb 26 11:53:06 MST 2014
Am 26.02.2014 18:57, schrieb Thiago Crepaldi:
>> I think, the most minimal config is:
>>
>> [global]
>> workgroup = WKG
>> netbios name = MYNAME
>>
>
> I guess I expressed myself poorly. I need a minimal configuration that is
> also as safe as possible, so it is desired to turn off all unnecessary
> services.
If you use this minimal config and only start nmbd, then only port
137/udp and 138/udp are opened and Samba replies only to name requests.
I'm not an expert about netbios, but I think, there isn't much to make
more secure.
If you require smbd also to be started, then it would listen to 445/tcp
and 139/tcp as well. But it won't authenticate or something else, as it
is not a domain member nor have a user backend configured, etc. So I
think there's also nothing special to secure.
> As we can't assume there is a DNS Server, I thought we maybe could use
> NetBIOS Name Service to do the trick.
With the above minimal config and only nmbd started, you can
# ping myname
(tried from Win8 with the above minimal config) as the name is resolved
through netbios broadcast (what requires to have both machines in the
same subnet).
Regards,
Marc
More information about the samba
mailing list