[Samba] Open (obsolete?) ports on Samba DCs
miles at atmos.eu
Fri Oct 27 17:45:22 UTC 2023
On 26.10.2023 20:30, Peter Milesson via samba wrote:
> Hi folks,
> I just noted that the Netbios ports are active and listening on a
> Samba AD DC with the default configuration. On member servers they
> don't exist.
> I have several domains with mixes of Windows and Linux servers and
> PCs, and I have disabled the old insecure protocols long ago.
> Is this by design, or are you supposed to plug them yourself after
> I'm using Samba 4.18.8 everywhere (from Debian Bookworm backports).
> Best regards
I have been experimenting a little. I have set "disable netbios = yes"
and "smb ports = 445" in the smb.conf on the DCs of two domains. Now,
the ports used by Netbios are gone. I have not detected any adverse
effects so far.
I also executed testparm -s -v on a DC, and it seems the printing
subsystem is loaded. I also added the recommended lines for disabling
This resulted in a reduction of used memory of about 40 megs.
Wouldn't it be a good idea to make those settings default in modern
Samba installations WRT security (mostly disabling Netbios)? I guess
they could be appended to the auto generated smb.conf when provisioning
If somebody knows of some bad side effects from my tweaking, I would be
very interested to know.
More information about the samba