summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/manpages/smb.conf.540
-rw-r--r--docs/textdocs/DOMAIN_CONTROL.txt9
2 files changed, 42 insertions, 7 deletions
diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5
index 44a6d7dfd0..3f2643450d 100644
--- a/docs/manpages/smb.conf.5
+++ b/docs/manpages/smb.conf.5
@@ -331,6 +331,8 @@ announce version
auto services
+bind interfaces only
+
browse list
character set
@@ -375,6 +377,8 @@ hosts equiv
include
+interfaces
+
keepalive
lock dir
@@ -816,6 +820,40 @@ ALL attempts to connect to the service will fail. Such failures are logged.
.B Example:
available = no
+
+.SS bind interfaces only (G)
+This global parameter (new for 1.9.18) allows the Samba admin to limit
+what interfaces on a machine will serve smb requests. If affects file service
+(smbd) and name service (nmbd) in slightly different ways.
+
+For name service it causes nmbd to bind to ports 137 and 138 on
+the interfaces listed in the 'interfaces' parameter. nmbd also binds
+to the 'all addresses' interface (0.0.0.0) on ports 137 and 138
+for the purposes of reading broadcast messages. If this option is
+not set then nmbd will service name requests on all of these
+sockets. If "bind interfaces only" is set then nmbd will check
+the source address of any packets coming in on the broadcast
+sockets and discard any that don't match the broadcast addresses
+of the interfaces in the 'interfaces' parameter list. As unicast
+packets are received on the other sockets it allows nmbd to
+refuse to serve names to machines that send packets that arrive
+through any interfaces not listed in the 'interfaces' list.
+IP Source address spoofing does defeat this simple check, however
+so it must not be used seriously as a security feature for nmbd.
+
+For file service it causes smbd to bind only to the interface
+list given in the 'interfaces' parameter. This restricts the
+networks that smbd will serve to packets coming in those interfaces.
+Note that you should not use this parameter for machines that
+are serving ppp or other intermittant or non-broadcast network
+interfaces as it will not cope with non-permanent interfaces.
+
+.B Default:
+ bind interfaces only = False
+
+.B Example:
+ bind interfaces only = True
+
.SS browseable (S)
This controls whether this share is seen in the list of available
shares in a net view and in the browse list.
@@ -3673,7 +3711,7 @@ administrator easy, but the various combinations of default attributes can be
tricky. Take extreme care when designing these sections. In particular,
ensure that the permissions on spool directories are correct.
.SH VERSION
-This man page is (mostly) correct for version 1.9.16 of the Samba suite, plus some
+This man page is (mostly) correct for version 1.9.18 of the Samba suite, plus some
of the recent patches to it. These notes will necessarily lag behind
development of the software, so it is possible that your version of
the server has extensions or parameter semantics that differ from or are not
diff --git a/docs/textdocs/DOMAIN_CONTROL.txt b/docs/textdocs/DOMAIN_CONTROL.txt
index 0b077320cd..7e1b5c6209 100644
--- a/docs/textdocs/DOMAIN_CONTROL.txt
+++ b/docs/textdocs/DOMAIN_CONTROL.txt
@@ -19,12 +19,9 @@ SMB domains based on shared authentication database schemes other than the
Windows NT SAM.
Microsoft Windows NT Domain Control is an extremely complex protocol.
-We have received countless requests to implement Domain Control in Samba
-and have seriously investigated the potential to support this. The Samba
-Team have now concluded that since Domain Control is a completely
-undocumented protocol we ought NOT to implement our best guess of this
-technology. It is a Microsoft business policy NOT to release the information
-necessary to enable this to be implemented in a dependable manner.
+We have received countless requests to implement Domain Control in Samba.
+The 1.9.18 release of Samba contains experimental code to implement
+this. Please read the file docs/NTDOMAIN.txt for more information on this.
============================================================================
Windows NT Server can be installed as either a plain file and print server