SAMBA Protocols

... getting to the point

© 2010, 2011, 2012 Dennis Leeuw dleeuw at made-it dot com
License: GPLv2 or later

Index

    1. NetBIOS, SMB or CIFS
    2. Resolving with names
      1. Making SAMBA a WINS server
      2. Test tools
      3. Service Codes
    3. DNS

NetBIOS, SMB or CIFS

To configure SAMBA you need a bit of knowledge about Microsoft Networking. Pre-Windows 2000 systems used NetBIOS over TCP/IP to provide you with SMB (Server Message Block) connections. Windows 2000 and later systems are equipped with SMB over TCP/IP. As Microsoft states in their Direct hosting of SMB over TCP/IP document this has a couple of advantages:

With NetBIOS over TCP/IP, or NBT for short, the following ports are used:

NetBIOS name        UDP 137
NetBIOS name        TCP 137
NetBIOS datagram    UDP 138
NetBIOS session     TCP 139

Within SAMBAs smb.conf this can be controlled by:

disable netbios = no
smb ports = 139

NetBIOS on your LAN can be an annoyance due to the amount of broadcasts it sends. NetBIOS over the Internet, however, is an enormous security risk. The NetBIOS protocol gives people the ability to obtain all kinds of information from your systems, like your domain, workgroup and system names, as well as account information. To prevent this from happening, make sure that on your border gateways you filter out all incoming and outgoing traffic for ports 137, 138 and 139.

SMB over TCP/IP, or CIFS (Common Internet File System), uses:

CIFS                TCP 445
CIFS                UDP 445

Within SAMBAs smb.conf this can be controlled by:

disable netbios = yes
smb ports = 445

If you want to support both use:

disable netbios = no
smb ports = 139 445

The big question now is: how does a Microsoft client handle all this? Windows 2000 and later systems set up two connections to a server simultaneously, one on port 445 and one on port 139. If it gets a response from port 445 it will reset (RST) the port 139 connection. If it only gets a response from port 139, that one is used. If you disable NBT on your client, only port 445 is tried.

Pre-Windows 2000 clients only use port 139.

So if you do not have systems that pre-date Windows 2000 on your network, I would suggest going with the SMB over TCP/IP option in your smb.conf.

For those that really want to get into the details of NetBIOS, SMB and CIFS I suggest reading: Implementing CIFS

Resolving with names

The Microsoft protocols were initially based on broadcasts. Since broadcasts do not route, one needs a name resolving solution to translate NetBIOS names into IP addresses. The Microsoft solution for this problem is called WINS, which can be compared to DNS in that it translates names into IP addresses.

Of course we would like to tell SAMBA what it should use to resolve names. The resolve order in SAMBA is determined by the name resolve order parameter in the smb.conf file.

name resolve order = wins lmhosts host bcast

Making SAMBA a WINS server

To make your SAMBA server into a WINS server add

wins support = yes

to your smb.conf file.

As soon as you add this setting, make sure you do not have a wins server = parameter in your configuration file.
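As an added example, not part of this article or of Samba itself, the following Python script checks an smb.conf for the combinations discussed above: disable netbios against smb ports, and wins support against wins server and name resolve order. The defaults it uses when a parameter is absent (NetBIOS enabled, smb ports = 445 139) are an assumption, and the sample configuration is constructed.

```python
import re

TRUE = ("yes", "true", "1")  # values Samba accepts as boolean true

def parse_global(text):
    """Return the [global] section of an smb.conf as a dict of normalised keys."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # smb.conf comment lines
            continue
        m = re.match(r"\[(.+)\]$", line)
        if m:  # section header such as [global] or [homes]
            section = m.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            settings[" ".join(key.lower().split())] = value.strip()
    return settings

def audit_smb_conf(text):
    """Return a list of findings; an empty list means the settings are consistent."""
    g = parse_global(text)
    findings = []
    # Assumed Samba defaults when a parameter is absent: NetBIOS on, smb ports = "445 139".
    netbios = g.get("disable netbios", "no").lower() not in TRUE
    ports = set(g.get("smb ports", "445 139").split())
    if not netbios and "139" in ports:
        findings.append("NetBIOS disabled but 139 still in 'smb ports'; use 445 only")
    if netbios and "139" not in ports:
        findings.append("NetBIOS enabled but 139 not in 'smb ports'; NBT-only clients cannot connect")
    wins_support = g.get("wins support", "no").lower() in TRUE
    if wins_support and g.get("wins server"):
        findings.append("'wins support = yes' and 'wins server' set together; remove 'wins server'")
    if ("wins" in g.get("name resolve order", "").lower().split()
            and not wins_support and not g.get("wins server")):
        findings.append("'name resolve order' lists wins but no WINS server is configured")
    return findings

# Constructed sample configuration (not a real site's smb.conf) with two conflicts.
SAMPLE_CONF = """\
[global]
   disable netbios = yes
   smb ports = 139 445
   wins support = yes
   wins server = 192.168.1.55
   name resolve order = wins lmhosts host bcast
"""
```

Running audit_smb_conf(SAMPLE_CONF) reports the stray port 139 and the wins support / wins server clash; a clean configuration returns an empty list.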

Test tools

The best tool to figure out what your network looks like in an MS Domain is nmblookup. The following commands should tell you what you need to know:

nmblookup -R -U 192.168.1.55 EXAMPLE#1C

where 192.168.1.55 is the IP address of your WINS server and EXAMPLE is the domain name. This results in a list of the domain controllers available on your network. You could also request the Domain Master Browser by doing:

nmblookup -R -U 192.168.1.55 EXAMPLE#1B

This should result in the IP address of the PDC, since according to the rules in Microsoft Networking the PDC must be the Domain Master Browser.

To collect all functions of a single host use:

nmblookup -R -A 192.168.1.66

or if you want to do it based on NetBIOS name use:

nmblookup -R -A 192.168.1.55 -n MyPDC

Service Codes

Code  Meaning
<00>  Server Service
<01>
<03>  Generic Machine Name (NetBIOS name)
<1b>  Domain Master Browser. A PDC should win the election to be the DMB, and should thus register the DOMAIN<1B> NetBIOS name.
<1c>  Server provides the NETLOGON service. All domain controllers should register the DOMAIN<1C> name, and Windows clients locate a network logon server by searching for this name.
<1d>  Local Master Browser. Receives browse lists from the 1B servers.
<1e>  Browser Election Service
<20>  Workstation on which the LanMan Server Service is running

DNS

A crucial DNS entry for making e.g. Windows 7 run more smoothly is:

_ldap._tcp.dc._msdcs.EXAMPLE.COM	SRV 0 0 389 ldap.example.com.

This entry is used to locate the PDC (LDAP server).

Also add a DNS entry for your samba server. We are assuming:

fs01		CNAME	larix
larix		A	192.168.1.55