This global parameter allows the Samba admin to limit what interfaces on a machine will serve SMB requests. It affects file service smbd 8 and name service nmbd 8 in a slightly different ways. For name service it causes nmbd to bind to ports 137 and 138 on the interfaces listed in the interfaces parameter. nmbd also binds to the "all addresses" interface (0.0.0.0) on ports 137 and 138 for the purposes of reading broadcast messages. If this option is not set then nmbd will service name requests on all of these sockets. If bind interfaces only is set then nmbd will check the source address of any packets coming in on the broadcast sockets and discard any that don't match the broadcast addresses of the interfaces in the interfaces parameter list. As unicast packets are received on the other sockets it allows nmbd to refuse to serve names to machines that send packets that arrive through any interfaces not listed in the interfaces list. IP Source address spoofing does defeat this simple check, however, so it must not be used seriously as a security feature for nmbd. For file service it causes smbd 8 to bind only to the interface list given in the interfaces parameter. This restricts the networks that smbd will serve to packets coming in those interfaces. Note that you should not use this parameter for machines that are serving PPP or other intermittent or non-broadcast network interfaces as it will not cope with non-permanent interfaces. If bind interfaces only is set then unless the network address 127.0.0.1 is added to the interfaces parameter list smbpasswd 8 and swat 8 may not work as expected due to the reasons covered below. To change a users SMB password, the smbpasswd by default connects to the localhost - 127.0.0.1 address as an SMB client to issue the password change request. If bind interfaces only is set then unless the network address 127.0.0.1 is added to the interfaces parameter list then smbpasswd will fail to connect in it's default mode. smbpasswd can be forced to use the primary IP interface of the local host by using its smbpasswd 8 -r remote machine parameter, with remote machine set to the IP name of the primary interface of the local host. The swat status page tries to connect with smbd and nmbd at the address 127.0.0.1 to determine if they are running. Not adding 127.0.0.1 will cause smbd and nmbd to always show "not running" even if they really are. This can prevent swat from starting/stopping/restarting smbd and nmbd. no