[Samba] Minimal configuration for Name Service

Marc Muehlfeld samba at marc-muehlfeld.de
Wed Feb 26 11:53:06 MST 2014

Am 26.02.2014 18:57, schrieb Thiago Crepaldi:
>> I think, the most minimal config is:
>> [global]
>> workgroup = WKG
>> netbios name = MYNAME
> I guess I expressed myself poorly. I need a minimal configuration that is
> also as safe as possible, so it is desired to turn off all unnecessary
> services.

If you use this minimal config and only start nmbd, then only port 
137/udp and 138/udp are opened and Samba replies only to name requests. 
I'm not an expert about netbios, but I think, there isn't much to make 
more secure.

If you require smbd also to be started, then it would listen to 445/tcp 
and 139/tcp as well. But it won't authenticate or something else, as it 
is not a domain member nor have a user backend configured, etc. So I 
think there's also nothing special to secure.

> As we can't assume there is a DNS Server, I thought we maybe could use
> NetBIOS Name Service to do the trick.

With the above minimal config and only nmbd started, you can

# ping myname

(tried from Win8 with the above minimal config) as the name is resolved 
through netbios broadcast (what requires to have both machines in the 
same subnet).


More information about the samba mailing list