Samba with xinetd

[smiler_jerg]

Okay, xinetd wasn't a problem at all. I already had the configuration from playing around before, and it Just Worked. For those who might be interested:

xinetd is configured using two main files. /etc/services and /etc/xinetd.conf. If you inspect xinetd.conf, you'll notice that it includes /etc/xinetd.d/.

To have Samba start automatically when its required, first install xinetd.

Code:

# sudo apt-get install xinetd

Then create a new file called 'samba' in /etc/xinetd.d/ with the settings for Samba's service.

Code:

# sudo nano /etc/xinetd.d/samba
service netbios-ssn
{
	port		=	139
	socket_type	=	stream
	wait		=	no
	only_from	=	192.168.0.0
	user		=	root
	server		=	/usr/sbin/smbd
	log_on_failure	+=	USERID
	disable		=	no
	mdns		=	yes
	instances	=	1
}

only_from specifies what IP addresses are allowed to connect. 192.168.0.0 means anyone who's IP address starts with 192.168.

In my configuration, I haven't set up the NetBIOS daemon 'nmdb', as I don't need it. It would have to run all the time to function, so cannot be started with xinetd (as far as I know), and is technically obsolete anyway. I'm using avahi for my Mac.

You should also check that the ports are defined in the /etc/services file. I found that they already were for Ubuntu Server.

Code:

# grep -e 139 -e 445 /etc/services
netbios-ssn	139/tcp				# NETBIOS session service
netbios-ssn	139/udp
microsoft-ds	445/tcp				# Microsoft Naked CIFS
microsoft-ds	445/udp

You should see the first four lines, and they shouldn't have any characters before them (# or ; which comment out the line). If these lines are missing, add them using nano.

To ensure xinetd recognises the new configuration, restart it.

Code:

# sudo /etc/init.d/xinetd restart

Now try connecting to a share. In Windows, go to Start>Run and type \\192.168.2.3\ replacing the numbers with your server's IP address. Similarly for Linux, Mac OS et al: smb://192.168.2.3/

I hope someone will find this useful. I found this information liberally scattered across the Internet, so I've brought it together here.

[andguent]

Glad to hear it all worked out. Thank you for posting back and letting us know how it went, it makes the thread ten times more useful when someone reads it a year from now.

[scasparz]

This is a rather old thread, I would like to resurrect.

Am playing with Samba in a xinetd environment. All right, starting samba through a super server takes some time, yet on the other hand it is my understanding that xinetd provides some good safety precautions, which could be of help say in the case of a DOS kind of attack. Not to mention I need xinetd for my firebird rdbms.

My smb.conf is a rather simple one. Made for a Primary Domain controller, just tdb namespace/security, no LDAP, no Kerberos, no printers, no issues reported by testparm. Has been tested without xinetd and it works fine for what I expect it to do. Meanwhile I have developed a netbios-ssn configuration for xinetd, trying to keep it a bit minimalistic, which goes like this:

service netbios-ssn

{

port = 139

socket_type = stream

protocol = tcp

wait = no

user = root

server = /usr/sbin/smbd

disable = no

}


inside the /etc/xinetd.d folder. Being old school am not using swat.
I keep the samba services down, expect them to be launched by xinetd on demand, which is exactly what happens.

Under such a scheme samba works very well thank you, yet I am getting a small issue here. Every time I open a new connection on this samba server from a remote XP client, I can see (ps -ef | grep mbd) a new smbd instance being launched, plus a couple of smbd zombies, each one a child to the first -non zombie- instance.

Being zombies, these two smbd instances cannot be killed, unless of course the parent instance is killed as well, which of course closes down the connection.

If I would open another connection, from say another XP client, then another three smbd instances are brought, again the later two of them zombie children to the first of the three.

Am happy to report, that all three smbd instances are killed by themselves, once the connection is closed.

Am using ubuntu 9.04 server, fully patched.

So here is my point. All right, it works, yet this does not seem pretty good to me. Do not know if this is supposed to be normal, yet each one of the zombies consumes its own resources, I can find no reason in wasting without a reason. Have tried to include the server_args = -F clause, without success.

Have googled “samba and xinetd”, not much have been found. To make things worse www.xinetd.org is not avail, while every reference I have found on xinetd at www.samba.org is swat related.



cheers everyone

[vpablos]

I'm currently using this configuration

service netbios-ssn
{
disable = no
# type = UNLISTED
id = netbios-ssn
# port = netbios-ssn
socket_type = stream
protocol = tcp
user = root
wait = no
instances = 5
server = /usr/sbin/smbd
}

# This is the udp version.
service netbios-ns
{
disable = no
# type = UNLISTED
id = netbios-ns
# port = netbios-ns
socket_type = dgram
protocol = udp
user = root
wait = yes
instances = 5
server = /usr/sbin/nmbd
}

I've taken and adapted it from:

http://www.comptechdoc.org/os/linux/...x_ugsamba.html
http://books.google.com/books?id=EaR...0inetd&f=false

[vpablos]

In last versions there is a problem with instances parameter. The correct configuration is the following one:

service netbios-ssn
{
disable = no
# type = UNLISTED
id = netbios-ssn
# port = netbios-ssn
socket_type = stream
protocol = tcp
user = root
wait = no
instances = 5
server = /usr/sbin/smbd
}

# This is the udp version.
service netbios-ns
{
disable = no
# type = UNLISTED
id = netbios-ns
# port = netbios-ns
socket_type = dgram
protocol = udp
user = root
wait = yes
instances = 1
server = /usr/sbin/nmbd
}