This global parameter allows the Samba admin
to limit what interfaces on a machine will serve SMB requests. It
affects file service smbd8 and name service nmbd8 in a slightly different ways.For name service it causes nmbd to bind
to ports 137 and 138 on the interfaces listed in
the interfaces parameter. nmbd also
binds to the "all addresses" interface (0.0.0.0)
on ports 137 and 138 for the purposes of reading broadcast messages.
If this option is not set then nmbd will service
name requests on all of these sockets. If bind interfaces
only is set then nmbd will check the
source address of any packets coming in on the broadcast sockets
and discard any that don't match the broadcast addresses of the
interfaces in the interfaces parameter list.
As unicast packets are received on the other sockets it allows
nmbd to refuse to serve names to machines that
send packets that arrive through any interfaces not listed in the
interfaces list. IP Source address spoofing
does defeat this simple check, however, so it must not be used
seriously as a security feature for nmbd.For file service it causes smbd8 to bind only to the interface list
given in the interfaces parameter. This
restricts the networks that smbd will serve
to packets coming in those interfaces. Note that you should not use this parameter
for machines that are serving PPP or other intermittent or non-broadcast network
interfaces as it will not cope with non-permanent interfaces.If bind interfaces only is set then
unless the network address 127.0.0.1 is added
to the interfaces parameter
list smbpasswd8 and swat8 may not work as expected due
to the reasons covered below.To change a users SMB password, the smbpasswd
by default connects to the localhost - 127.0.0.1
address as an SMB client to issue the password change request. If
bind interfaces only is set then unless the
network address 127.0.0.1 is added to the
interfaces parameter list then
smbpasswd will fail to connect in it's default mode.
smbpasswd can be forced to use the primary IP interface
of the local host by using its smbpasswd8-r remote machine
parameter, with remote machine set
to the IP name of the primary interface of the local host.The swat status page tries to connect with
smbd and nmbd at the address
127.0.0.1 to determine if they are running.
Not adding 127.0.0.1 will cause
smbd and nmbd to always show
"not running" even if they really are. This can prevent
swat from starting/stopping/restarting smbd
and nmbd.no