
Re: [Samba] Make nmbd bind to interfaces only






On 11/02/2019 18:47, Rowland Penny via samba wrote:
On Mon, 11 Feb 2019 17:47:21 +0000
Nick Howitt via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hi,
I would like to have nmbd only bind to the interfaces specified in
the interfaces line of smb.conf, in the same way that smbd does. When
researching this I did come across a mailing list thread saying there
was no use case, but I think I have one.

For many years ClearOS has been providing NT4 style domains and
unix-style shares. M$ upset the applecart last year with their 1803
update when joining NT4 domains got broken (it has since been fixed
since September '18, but I would assume the writing is on the wall
for NT4 domains).

To get round the issue I loaded samba into docker using the
https://github.com/Fmstrat/samba-domain container. I wanted to
continue to use the ClearOS samba configuration (v4.7.1 and soon to
follow CentOS to 4.8.3) for its file-sharing as a domain member. One
of the problems I had was that if the native ClearOS instance of
samba was started, the docker instance would refuse to start because
of a port clash. To get round this for smbd was easy. All I had to do
was bind to interfaces only, but nmbd would not obey. For nmbd I had
to set:

nmbd bind explicit broadcast = yes
socket address = 192.168.20.1

This is sort of OK if I have one LAN interface, but ClearOS is, among
other things, a router/firewall and as such can have multiple LAN
and/or VLAN interfaces. Socket address can only have one IP address
so I can't get all LAN interfaces to bind to it. Is there a way round
this or does it make a reasonable use case for a modification request?

Thanks,

Nick


You really need to upgrade from your NT4-style domain, they are, as you
are aware, very fragile and easily broken. Samba's and Microsoft's
emphasis is very much on AD and as such, the NT4-style code easily
gets broken by accident.

Totally agree. M$ want to kill SMB1 and NT4 domains have not been used by them for ages. This is why I've been going down the AD route and, to keep it all in a single box, putting the AD DC into docker and still using unix shares.

Rowland
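
Added example, not part of the original thread: a shell check for the port clash discussed above. It lists the Samba ports (UDP 137/138, TCP 139/445) that have a listener on a wildcard address, which is what stops a second instance from binding the same port. The sample input is constructed in the style of `ss -H -lntu` output, and the function names are hypothetical.

```sh
#!/bin/sh
# Constructed sample in the style of `ss -H -lntu` output (not from a real host).
# Columns: Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
sample_ss_output() {
cat <<'EOF'
udp UNCONN 0 0 192.168.20.1:137 0.0.0.0:*
udp UNCONN 0 0 192.168.20.255:137 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:137 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:138 0.0.0.0:*
tcp LISTEN 0 50 192.168.20.1:445 0.0.0.0:*
tcp LISTEN 0 50 192.168.20.1:139 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}

# Read ss-style lines on stdin and print "proto port address" for every
# Samba port (UDP 137/138, TCP 139/445) bound to a wildcard address.
wildcard_samba_binds() {
    awk '
    {
        proto = $1
        la = $5                          # local address:port
        n = split(la, parts, ":")
        port = parts[n]                  # text after the last colon
        addr = substr(la, 1, length(la) - length(port) - 1)

        samba = 0
        if (proto == "udp" && (port == "137" || port == "138")) samba = 1
        if (proto == "tcp" && (port == "139" || port == "445")) samba = 1

        wild = (addr == "0.0.0.0" || addr == "*" || addr == "[::]")

        if (samba && wild) print proto, port, addr
    }'
}

# Run against the constructed sample; on a live host use:
#   ss -H -lntu | wildcard_samba_binds
sample_ss_output | wildcard_samba_binds
```

An empty result means every Samba listener is tied to a specific address, so another instance can bind the same ports on other addresses.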


