[Samba] Make nmbd bind to interfaces only
nick at howitts.co.uk
Mon Feb 11 19:07:29 UTC 2019
On 11/02/2019 18:47, Rowland Penny via samba wrote:
> On Mon, 11 Feb 2019 17:47:21 +0000
> Nick Howitt via samba <samba at lists.samba.org> wrote:
>> I would like to have nmbd only bind to the interfaces specified in
>> the interfaces line of smb.conf, in the same way that smbd does. When
>> researching this I did come across a mailing list thread saying there
>> was no use case, but I think I have one.
>> For many years ClearOS has been providing NT4 style domains and
>> unix-style shares. M$ upset the applecart last year with their 1803
>> update when joining NT4 domains got broken (it has since been fixed
>> since September '18, but I would assume the writing is on the wall
>> for NT4 domains).
>> To get round the issue I loaded samba into docker using the
>> https://github.com/Fmstrat/samba-domain container. I wanted to
>> continue to use the ClearOS samba configuration (v4.7.1 and soon to
>> follow CentOS to 4.8.3) for its file-sharing as a domain member. One
>> of the problems I had was that if the native ClearOS instance of
>> samba was started, the docker instance would refuse to start because
>> of a port clash. To get round this for smbd was easy. All I had to do
>> was bind to interfaces only, but nmbd would not obey. For nmbd I had
>> to set:
>> nmbd bind explicit broadcast = yes
>> socket address = 192.168.20.1
>> This is sort of OK if I have one LAN interface, but ClearOS is, among
>> other things, a router/firewall and as such can have multiple LAN
>> and/or VLAN interfaces. Socket address can only have one IP address
>> so I can't get all LAN interfaces to bind to it. Is there a way round
>> this or does it make a reasonable use case for a modification request?
> You really need to upgrade from your NT4-style domain, they are, as you
> are aware, very fragile and easily broken. Samba's and Microsoft's
> emphasis is very much on AD and as such, the NT4-style code easily
> gets broken by accident.
Totally agree. M$ want to kill SMB1 and NT4 domains have not been used
by them for ages. This is why I've been going down the AD route and, to
keep it all in a single box, putting the AD DC into docker and still
using unix shares.
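
Added example (not part of the original message, and not Samba project code): a check for which local addresses hold the Samba ports, to confirm whether a host instance would clash with a container that needs the same ports. It parses `ss -H -lntup` output; the sample lines, the function names and the use of LAN subnets as the allow-list are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample of `ss -H -lntup` output (illustrative, not from the post).
SAMPLE_SS = """\
udp UNCONN 0 0 0.0.0.0:137 0.0.0.0:* users:(("nmbd",pid=2101,fd=15))
udp UNCONN 0 0 192.168.20.1:137 0.0.0.0:* users:(("nmbd",pid=2101,fd=17))
udp UNCONN 0 0 192.168.20.255:137 0.0.0.0:* users:(("nmbd",pid=2101,fd=18))
udp UNCONN 0 0 0.0.0.0:138 0.0.0.0:* users:(("nmbd",pid=2101,fd=16))
tcp LISTEN 0 50 192.168.20.1:445 0.0.0.0:* users:(("smbd",pid=2090,fd=34))
tcp LISTEN 0 50 192.168.20.1:139 0.0.0.0:* users:(("smbd",pid=2090,fd=35))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=900,fd=3))
"""

SAMBA_PORTS = {137, 138, 139, 445}       # NetBIOS name/datagram/session, SMB
WILDCARDS = {"0.0.0.0", "*", "::"}       # forms ss uses for "all addresses"
PROC_RE = re.compile(r'\(\("([^"]+)"')   # first process name in users:((...))

def parse_listeners(ss_output):
    """Yield (proto, address, port, process) for each listening socket line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():           # needs numeric output (ss -n)
            continue
        m = PROC_RE.search(line)
        # Drop any %interface suffix and IPv6 brackets from the address.
        yield fields[0], addr.split("%")[0].strip("[]"), int(port), m.group(1) if m else "?"

def samba_binds_outside(ss_output, allowed_cidrs):
    """Return Samba-port listeners that are wildcard or outside allowed_cidrs."""
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for proto, addr, port, proc in parse_listeners(ss_output):
        if port not in SAMBA_PORTS:
            continue
        if addr in WILDCARDS:
            findings.append((proc, proto, addr, port, "wildcard"))
            continue
        ip = ipaddress.ip_address(addr)
        if not any(ip.version == n.version and ip in n for n in nets):
            findings.append((proc, proto, addr, port, "outside"))
    return findings

if __name__ == "__main__":
    for finding in samba_binds_outside(SAMPLE_SS, ["192.168.20.0/24"]):
        print(finding)
```

On a live host, pass the captured output of `ss -H -lntup` (run as root so process names are shown) in place of `SAMPLE_SS`, and list every LAN/VLAN subnet named on the `interfaces` line.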