How To Secure Samba NMBD/SMBD to bind to a specific IP address

By default Samba SMB/NMB listen on ANY and ALL IPs on your system by binding to 0.0.0.0.  Obviously this is a huge security risk if you have a public facing server with both internal and external access.  Usually when a system administrator sets up a samba server their intention is just to share with a LAN.

To do this you need to the following options under the [global] section in smb.conf

bind interfaces only = yes
interfaces = 192.168.1.10
hosts allow = 192.168.1.

The "bind interfaces only" tells Samba to only bind to the IP specified under "interfaces".

hosts allow is there for good measure (normally hosts allow will the only thing stopping people from the outside from accessing your samba server).  The safest way of course is to firewall on the public WAN side and to not bind to any interface or IP that you don't want to have access.

 

Latest Articles

  • prosody xmpp server "Failed in all attempts to connect to proxy.eu.jabber.org"
  • VMWare ESXi 6.7 SSH/PowerShell CLI Commands
  • VMWare Vsphere VCSA Graphical Install Creates json
  • error while loading shared libraries: libasound.so.2: cannot open shared object file: No such file or directory
  • ./xmr-stak: error while loading shared libraries: libmicrohttpd.so.10: cannot open shared object file: No such file or directory
  • qemu-img resize howto
  • gmail.com address failing in Postfix
  • VMWare Hardware virtualization is selected and cannot be deselected due to selection of VBS Insufficient resources to satisfy configured failover level for vSphere HA.
  • Debian Mint Ubuntu compiling xmr-stak
  • ./nsgpucnminer: error while loading shared libraries: libOpenCL.so.1w: cannot open shared object file: No such file or directory
  • *** These critical programs are missing or too old: gawk
  • migration/4 migration 4 is using too much CPU
  • convert.im6: Unknown field with tag 317 (0x13d) encountered. `TIFFReadDirectory' @ warning/tiff.c/TIFFWarnings/788.
  • Python SyntaxError: Missing parentheses in call to 'print'
  • Linux How To Rename Files
  • OpenVZ container will not stop Child 546246 exited with status 1
  • [warn] VirtualHost 10.2.5.101:443 overlaps with VirtualHost 10.2.5.101:443, the first has precedence, perhaps you need a NameVirtualHost directive
  • Ethereum Client Errors
  • PayPal IPN Failed "result: IPN Handshake Invalid"
  • Linux Centos 7 HowTo Install Yarn