[Samba] Make nmbd bind to interfaces only

[Rowland Penny]

On Mon, 11 Feb 2019 17:47:21 +0000
Nick Howitt via samba <samba at lists.samba.org> wrote:

> Hi,
> I would like to have nmbd only bind to the interfaces specified in
> the interfaces line of smb.conf, in the same way that smbd does. When 
> researching this I did come across a mailing list thread saying there 
> was no use case, but I think I have one.
> 
> For many years ClearOS has been providing NT4 style domains and 
> unix-style shares. M$ upset the applecart last year with their 1803 
> update when joining NT4 domains got broken (it has since been fixed 
> since September '18, but I would assume the writing is on the wall
> for NT4 domains).
> 
> To get round the issue I loaded samba into docker using the 
> https://github.com/Fmstrat/samba-domain container. I wanted to
> continue to use the ClearOS samba configuration (v4.7.1 and soon to
> follow Centos to 4.8.3) for its file-sharing as a domain member. One
> of the problems I had was that if the native ClearOS instance of
> samba was started, the docker instance would refuse to start because
> of a port clash. To get round this for smbd was easy. All I had to do
> was bind to interfaces only, but nmbd would not obey. For nmbd I had
> to set:
> 
> nmbd bind explicit broadcast = yes
> socket address = 192.168.20.1
> 
> This is sort of OK if I have one LAN interface, but ClearOS is, among 
> other things, a router/firewall and as such can have multiple LAN
> and/or VLAN interfaces. Socket address can only have one IP address
> so I can't get all LAN interfaces to bind to it. Is there a way round
> this or does it make a reasonable use case for a modification request.
> 
> Thanks,
> 
> Nick
> 
> 

You really need to upgrade from your NT4-style domain, they are, as you
are aware, very fragile and easily broken. Samba's and Microsoft's
emphasise is very much on AD and as such, the NT4-style code easily
gets broken by accident.

Rowland