August 2008 Archives

Cooler samba; netbios sucks


From Microsoft: Direct hosting of SMB over TCP/IP

Windows supports file and printer sharing traffic by using the Server Message Block (SMB) protocol directly hosted on TCP. This differs from earlier operating systems, in which SMB traffic requires the NetBIOS over TCP (NBT) protocol to work on a TCP/IP transport.

445 (SMB) is preferable over 137, 138, and 139 (old NetBIOS over TCP/IP aka NBT). In a nutshell SMB uses DNS and direct contact. NBT uses broadcasts and WINS.

So, NetBIOS isn't really necessary anymore. I have it turned off on all my windows clients. I just tested disabling it in the samba server at home and it works fine; even a little snappier. I'm not even running nmbd anymore. You must have domain resolution though; either FQDN or search domains.

Note no more 139 listening ports

styx:/var/log# netstat -anp | grep smbd
tcp        0      0 *               LISTEN     6128/smbd
tcp        0      0*               LISTEN     6128/smbd

Then here's my smb.conf file. Some nice tricks in there.


# Biographical information
server string = %h server (Samba %v)
workgroup = SYMB

# winpopups suck
message command = /bin/true

# not a print server
load printers = no

# yeah! Netbios is over.
disable netbios = yes
smb ports = 445
#dns proxy = no
#local master = yes
#os level = 20
#wins support = true
#netbios name = styx
#netbios aliases = house household home

# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d

# security
passwd program = /usr/bin/passwd %u
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
security = share
max log size = 1000

# network options
socket options = TCP_NODELAY
bind interfaces only = yes
interfaces = lo eth1

# logging
syslog = 2
syslog only = yes
log level = 2
log file = /dev/null

# locking
# technically, reduces performance, but no contention errors
oplocks = no
fake oplocks = yes
kernel oplocks = no
level2 oplocks = no

   comment = Home Directories
   browseable = no
   writable = yes
   create mask = 0664
   directory mask = 0775
   hosts allow = 192.168.0.

 force user=smb
 force group=smb
 force create mode = 0664
 force directory mode = 0775
 hosts allow = 192.168.0.