[wellylug] samba server and dhcp

Sam Cannell sam at plaz.net.nz
Sat May 8 15:51:12 NZST 2004 

You might want to check your facts there, Michael. :)

Firstly, Windows 2000 and 2003 both have Netbios over TCP/IP enabled by
default.  This is because disabling it will make you unable to share
resources with PCs running older versions of Windows.

Under Windows XP, it's also enabled by default unless the DHCP server
explicitly asks it to disable it.  If a static IP address is used, NetBT
is still enabled.

Secondly, enabling Netbios on your Internet connection will not do
anything harmful.  The only function of the Netbios protocol is to
translate machine names on a local network to network addresses.

Conversely, disabling Netbios on your Internet connection _will not_
stop people connecting to your Windows shares.  Regardless of whether or
not Netbios is enabled, a connecting directly to an IP address will
allow access to a poorly secured PC's file shares.

Note also that because Netbios is a non-routed protocol, its traffic
will not appear on most Internet connections at all.  The main
exceptions to this are Cable and Citylink, as both these appear to the
PC as an Ethernet network.

The correct way to secure a PC's file shares on a broadband connection
is to open the Network and Dialup Connections window, open the property
sheet for the Internet connection, and untick the "Client for Microsoft
Networks" and "File and Print sharing for Microsoft Networks".

There is no need to do this for a dialup connection, as for them File
and Print sharing is disabled by default.

In short, there is *no reason whatsoever* to disable Netbios over
TCP/IP.  All doing so will achieve is prevent you from communicating
easily with Samba servers and Windows PCs below Windows 2000.

Sam

-----Original Message-----
From: wellylug-admin at lists.naos.co.nz
[mailto:wellylug-admin at lists.naos.co.nz] On Behalf Of Michael Dittmer
Sent: Saturday, 8 May 2004 3:13 p.m.
To: wellylug at lists.naos.co.nz
Subject: RE: [wellylug] samba server and dhcp

Not true. Windows 2000 / 2003 (including server versions) and Windows XP
using DNS as the default lookup. To use netbios, you have to enable it.

If you pass the domain info via dhcp including the DNS info as well,
then
you don't need netbios at all, not to mention netbios can be hacked over
the
internet if it is being broadcast onto the net like a lot of Win9x PC's
do.

Michael

More information about the wellylug mailing list