ClearFoundation Tracker - ClearOS
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0020991ClearOSapp-samba - Windows Networkingpublic2018-08-04 02:542020-03-03 03:30
ReporterNickH 
Assigned To 
PrioritylowSeverityfeatureReproducibilityalways
StatusclosedResolutionsuspended 
PlatformOSOS Version
Product Version7.5.0 
Target VersionFixed in Version 
Summary0020991: Make Samba only bind to interface IP's
DescriptionIn order to run Docker/Samba Domain Controller on a LAN IP within ClearOS, samba needs to be change to bind on LAN IP's only, otherwise, if you set up a Virtual IP in ClearOS Samba will bind to that as well, stopping the Docker/Samba Domain Controller from binding to those ports.

To get round this, in /etc/samba/smb.conf we need to set:
bind interfaces only = yes
interfaces = lo LANIF#1 LANIF#2 etc

Note that in the docker implementation, if you choose to add the Virtual IP using:
ip addr add 172.22.22.2 dev enp2s0f1
Then you have to use the interface IP's rather than the interface names int the "interfaces" line or samba will bind to the virtual IP as well.

There is another issue. Even making these changes, there is an nmbd socket listening to 0.0.0.0:137 and 138. The only way I've found of stopping it is by adding a line:
    nbt client socket address = 172.22.22.1
but the parameter only supports a single address and is deprecated in favour of "bind interfaces only = yes". I don't know if this is an issue. I guess it is not if port bindings take precedence over sockets. Testing is required here.
Steps To Reproduce
Additional Information
TagsNo tags attached.
Relationships
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2018-08-04 02:54NickHNew Issue
2018-08-04 23:54user2Prioritynormal => low
2018-08-04 23:54user2Severityminor => feature
2018-08-04 23:54user2Statusnew => confirmed
2018-08-06 03:32NickHNote Added: 0007741
2020-03-03 03:30NickHNote Added: 0013311
2020-03-03 03:30NickHStatusconfirmed => closed
2020-03-03 03:30NickHResolutionopen => suspended

Notes
(0007741)
NickH   
2018-08-06 03:32   
The only way I can find of stopping nmbd binding to 0.0.0.0 on ports 137 and 138 is to add the following line:
nbt client socket address = a normal LAN interface IP

This is a kludge as it only accepts a single IP and ignores all others. I think it is for a socket binding. Note if you have "interfaces only" set, nmbd will already just be binding to the interface IP's and their broadcast IP's. I am not sure why you still also get a binding to 0.0.0.0. The only comments I can find on the internet are "so what" and "give me a use case where nmbd should not bind to 0.0.0.0". I think this is a use case.
(0013311)
NickH   
2020-03-03 03:30   
Migrated to https://gitlab.com/clearos/clearfoundation/app-samba/issues/23 [^]