ClearOS Bug Tracker


View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0020991ClearOSapp-samba - Windows Networkingpublic2018-08-04 02:542018-08-06 03:32
ReporterNickH 
Assigned To 
PrioritylowSeverityfeatureReproducibilityalways
StatusconfirmedResolutionopen 
PlatformOSOS Version
Product Version7.5.0 
Target VersionFixed in Version 
Summary0020991: Make Samba only bind to interface IP's
DescriptionIn order to run Docker/Samba Domain Controller on a LAN IP within ClearOS, samba needs to be change to bind on LAN IP's only, otherwise, if you set up a Virtual IP in ClearOS Samba will bind to that as well, stopping the Docker/Samba Domain Controller from binding to those ports.

To get round this, in /etc/samba/smb.conf we need to set:
bind interfaces only = yes
interfaces = lo LANIF#1 LANIF#2 etc

Note that in the docker implementation, if you choose to add the Virtual IP using:
ip addr add 172.22.22.2 dev enp2s0f1
Then you have to use the interface IP's rather than the interface names int the "interfaces" line or samba will bind to the virtual IP as well.

There is another issue. Even making these changes, there is an nmbd socket listening to 0.0.0.0:137 and 138. The only way I've found of stopping it is by adding a line:
    nbt client socket address = 172.22.22.1
but the parameter only supports a single address and is deprecated in favour of "bind interfaces only = yes". I don't know if this is an issue. I guess it is not if port bindings take precedence over sockets. Testing is required here.
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0007741)
NickH (developer)
2018-08-06 03:32

The only way I can find of stopping nmbd binding to 0.0.0.0 on ports 137 and 138 is to add the following line:
nbt client socket address = a normal LAN interface IP

This is a kludge as it only accepts a single IP and ignores all others. I think it is for a socket binding. Note if you have "interfaces only" set, nmbd will already just be binding to the interface IP's and their broadcast IP's. I am not sure why you still also get a binding to 0.0.0.0. The only comments I can find on the internet are "so what" and "give me a use case where nmbd should not bind to 0.0.0.0". I think this is a use case.

- Issue History
Date Modified Username Field Change
2018-08-04 02:54 NickH New Issue
2018-08-04 23:54 pbaldwin Priority normal => low
2018-08-04 23:54 pbaldwin Severity minor => feature
2018-08-04 23:54 pbaldwin Status new => confirmed
2018-08-06 03:32 NickH Note Added: 0007741