[Samba] Open (obsolete?) ports on Samba DCs

Peter Milesson miles at atmos.eu
Fri Oct 27 17:45:22 UTC 2023

On 26.10.2023 20:30, Peter Milesson via samba wrote:
> Hi folks,
> I just noted that the Netbios ports are active and listening on a 
> Samba AD DC with the default configuration. On member servers they 
> don't exist.
> I have several domains with mixes of Windows and Linux servers and 
> PCs, and I have disabled the old insecure protocols long ago.
> Is this by design, or are you supposed to plug them yourself after 
> installation?
> I'm using Samba 4.18.8 everywhere (from Debian Bookworm backports).
> Best regards
> Peter
Hi folks,

I have been experimenting a little. I have set "disable netbios = yes" 
and "smb ports = 445" in the smb.conf on the DCs of two domains. Now, 
the ports used by Netbios are gone. I have not detected any adverse 
effects so far.

I also executed testparm -s -v on a DC, and it seems the printing 
subsystem is loaded. I also added the recommended lines for disabling 

printcap name=/dev/null
load printers=no
disable spoolss=yes

This resulted in a reduction of used memory of about 40 megs.

Wouldn't it be a good idea to make those settings default in modern 
Samba installations WRT security (mostly disabling Netbios)? I guess 
they could be appended to the auto generated smb.conf when provisioning 
a DC.

If somebody knows of some bad side effects from my tweaking, I would be 
very interested to know.

Best regards,


More information about the samba mailing list