[Samba] Running smbd 4 + nmbd 3?

Rowland penny rpenny at samba.org
Thu Mar 11 22:41:12 UTC 2021

On 11/03/2021 22:19, Lou via samba wrote:
> On Thu, Mar 11, 2021 at 09:56:39PM +0000, Rowland penny via samba wrote:
>> No, you must use the nmbd that comes with Samba 4, the problem is 
>> that you will have to use SMBv1 at both ends. This is not really a 
>> problem, it is just a bit insecure and you might not need to run 
>> nmbd. It might help if you can describe your setup in more detail and 
>> if you have anything that must use SMBv1 (something that will not 
>> work without SMBv1).
> Thanks for the reply.
> I have two servers:
> smbd-server -> provides file sharing and runs smbd 3.6.25
> nmbd-server -> it is the PDC and runs nmbd < 3.6.25
> At smbd-server, smb.conf has the following line:
> wins server = openldap.ufabc.int.br
> So, nmbd that runs in nmbd-server, so nmbd-server runs as a wins 
> server.  It
> uses LDAP as a backend.
> I need to enable latest protocols (SMB3+) for smbd-server
> Alternatives I thought about:
> 1. Upgrade everything to Samba 4 as an AD DC.  This is not a good 
> choice for
> now, because I'd have to change the whole organization structure.
> 2. Upgrade everything to Samba 4, but do not "enable AD".  Make it use 
> our LDAP
> backend, so the change would be invisible to the clients.
> 3. Upgrade only smbd to Samba 4 and make it use the old nmbd at 
> nmbd-server as
> a wins server.  I tried it but I had no success.
> I'd prefer go for 3, and then 2, and then 1, if it is possible. Any
> recommendations?
> Thanks.

Bite the bullet, classicupgrade to AD. 😁

You are running Samba as an NT4-style domain with ldap, so you are 
possibly also using smbldap-tools, this is more than EOL, it is dead, 
there is absolutely nobody maintaining it.

Samba is working hard to remove SMBv1 and a lot of what an NT4-style 
domain relies on was deprecated at 4.13.0 . Windows 10 has SMBv1 turned 
off by default, so you have to manually turn it back on, Microsoft could 
decide to turn it off completely.

An NT4-style domain is yesterdays technology, AD is the way forward. If 
you must keep your domain running whilst you test the upgrade path, then 
use Samba 4 and run smbd, nmbd and winbind on the PDC etc.


More information about the samba mailing list