Skip to content

Make Samba only bind to interface IP's

Migrated from: https://tracker.clearos.com/view.php?id=20991

Reported by: Nick Howitt

In order to run Docker/Samba Domain Controller on a LAN IP within ClearOS, samba needs to be change to bind on LAN IP's only, otherwise, if you set up a Virtual IP in ClearOS Samba will bind to that as well, stopping the Docker/Samba Domain Controller from binding to those ports.

To get round this, in /etc/samba/smb.conf we need to set:

bind interfaces only = yes
interfaces = lo LANIF#1 LANIF#2 etc

Note that in the docker implementation, if you choose to add the Virtual IP using:

ip addr add 172.22.22.2 dev enp2s0f1

Then you have to use the interface IP's rather than the interface names in the "interfaces" line or samba will bind to the virtual IP as well. Better is to add the virtual IP through the Webconfig.

There is another issue. Even making these changes, there is an nmbd socket listening to 0.0.0.0:137 and 138. The only way I've found of stopping it is by adding a line:

nbt client socket address = 172.22.22.1

Where 172.22.22.1 is the ClearOS LAN IP, but the parameter only supports a single address and is deprecated in favour of "bind interfaces only = yes". I don't know if this is an issue. I guess it is not if port bindings take precedence over sockets. Testing is required here.