nmbd (from samba 3.5) in a jail?

I was previously running nmbd from samba 3.4 happily in a jail. Now, I've upgraded to samba 3.5.6, and when I try to run nmbd in a jail now, I get the following error on start up.

Code:
nmbd version 3.5.6 started.
Copyright Andrew Tridgell and the Samba Team 1992-2010
standard input is not a socket, assuming -D option
bind failed on port 137 socket_addr = 192.168.1.223.
Error = Can't assign requested address
nmbd_subnetdb:make_subnet()
  Failed to open nmb bcast socket on interface 192.168.1.223 for port 137.  Error was Can't assign requested address
ERROR: Failed when creating subnet lists. Exiting.

It seems that nmbd in 3.5 insists on binding to the broadcast address, whereas in 3.4, it would work just fine without it. Is there some way to adjust this behavior and get it to work as it did in 3.4?

Config file:
Code:
[global]
workgroup            = Home
netbios name         = NBNS
server string        = NetBIOS Name Server
security             = user
hosts allow          = 192.168.1.0/25 192.168.1.128/26
hosts deny           = ALL
socket options       = TCP_NODELAY
interfaces           = 192.168.1.219/27
bind interfaces only = yes
wins support         = yes
dns proxy            = no
null passwords       = no
hide unreadable      = yes
hide dot files       = yes

Edit: I also tried
Code:
interfaces = 192.168.1.219/32
to no avail, as it then tried to bind to the local broadcast, 255.255.255.255, which it also can't bind to in a jail. :(
 
Alright, I solved it...

I remembered that some of my jailed daemons use several unicast addresses. So, I thought, why not give nmbd the unicast address and the broadcast address when creating the jail?

Yes, it won't be able to send broadcasts, but, in my case, that's not a big issue as nmbd isn't even on the same network as the hosts that are using it. For name resolution, they will all be using unicasts, obviously.

Anyway, long story short, nmbd 3.5.6 does start now, with a little chatter when it can't send stuff:
Code:
query_name: Failed to send packet trying to query name HOME<1d>
Packet send failed to 192.168.1.223(138) ERRNO=Operation not permitted
Packet send failed to 192.168.1.223(137) ERRNO=Operation not permitted
But at least it keeps running, and name resolution works over unicast just fine (as verified with nbtstat on Windows).

Edit: I'm actually not sure if it's the jailing that's preventing it from sending the broadcasts, or my firewall, but either way I don't want them to go out. Perhaps if you wanted broadcast resolution in a jail, you might be able to get it to work.
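A pre-flight check for the situation in this thread, as an added example that is not part of the original posts and is not Samba code: for each address/prefix entry in `interfaces` it derives the broadcast address nmbd 3.5 will try to bind, then lists the addresses the jail does not own. The function names are hypothetical, the /32 case follows the behaviour reported in the first post, and the jail's address list is supplied by hand.

```python
import ipaddress

# Address nmbd 3.5.6 tried to bind for a /32 entry, as reported in the post.
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def nmbd_bind_addresses(interfaces_value):
    """Return (unicast, broadcast) pairs for the address/prefix entries
    of an smb.conf 'interfaces' value."""
    pairs = []
    for entry in interfaces_value.split():
        if "/" not in entry:
            # Interface names (e.g. em0) need a system lookup; skipped here.
            continue
        iface = ipaddress.ip_interface(entry)  # accepts /27 and /255.255.255.224
        if iface.network.prefixlen == 32:
            bcast = LIMITED_BROADCAST
        else:
            bcast = iface.network.broadcast_address
        pairs.append((iface.ip, bcast))
    return pairs


def missing_jail_addresses(interfaces_value, jail_ips):
    """List the addresses nmbd will bind that are not assigned to the jail."""
    owned = {ipaddress.ip_address(ip) for ip in jail_ips}
    missing = []
    for unicast, bcast in nmbd_bind_addresses(interfaces_value):
        for addr in (unicast, bcast):
            if addr not in owned and addr not in missing:
                missing.append(addr)
    return [str(a) for a in missing]


if __name__ == "__main__":
    conf = "192.168.1.219/27"  # value from the config file in the first post
    # Jail created with the unicast address only: the broadcast bind fails.
    print(missing_jail_addresses(conf, ["192.168.1.219"]))
    # Jail created with unicast and broadcast addresses: nothing missing.
    print(missing_jail_addresses(conf, ["192.168.1.219", "192.168.1.223"]))
    # The /32 attempt from the first post's edit.
    print(missing_jail_addresses("192.168.1.219/32", ["192.168.1.219"]))
```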
 