# samba-4.10.15 AD DC and nbt



## byrnejb (Jul 22, 2020)

FreeBSD-12.1p7
iocage thick jail

I have a samba based AD domain running on two DCs in separate jails.  However, the only way I can get samba_server to start is if I disable the `nbt` service, by adding either `disable netbios = yes` or `server services = -nbt` in `/usr/local/etc/smb4.conf`. 

The problem arises when attempting to run `samba-tool domain backup . . .`.  This always fails with an error that strongly suggests that the missing `nbt` service is to blame:

```
samba-tool domain backup online --server=smb4-2 --targetdir=/tmp
ERROR(runtime): uncaught exception - (3221225653, '{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired.')
  File "/usr/local/lib/python3.7/site-packages/samba/netcmd/__init__.py", line 185, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/samba/netcmd/domain_backup.py", line 249, in run
    backend_store=backend_store)
. . .
  File "/usr/local/lib/python3.7/site-packages/samba/join.py", line 361, in find_dc_site
    flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS)
```

If the`nbt` service is not disabled then samba_server fails to start:

```
[2020/07/22 15:16:13.982634,  0] ../../source4/smbd/server.c:773(binary_smbd_main)
  binary_smbd_main: samba: using 'standard' process model
[2020/07/22 15:16:14.005187,  0] ../../source4/nbt_server/interfaces.c:228(nbtd_add_socket)
  Failed to bind to 127.0.162.1:137 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
[2020/07/22 15:16:14.005561,  0] ../../source4/smbd/service_task.c:36(task_server_terminate)
  task_server_terminate: task_server_terminate: [nbtd failed to setup interfaces]
[2020/07/22 15:16:14.048842,  0] ../../lib/util/become_daemon.c:136(daemon_ready)
  daemon_ready: daemon 'samba' finished starting up and ready to serve connections
[2020/07/22 15:16:14.067908,  0] ../../source4/smbd/server.c:371(samba_terminate)
  samba_terminate: samba_terminate of samba 90675: nbtd failed to setup interfaces
```

My guess is that there is some setting in the jail configuration that prevents the netbios protocol from binding to a socket.   The settings that I have for the jail are:

```
iocage get all smb4-2
CONFIG_VERSION:27
allow_chflags:0
allow_mlock:0
allow_mount:0
allow_mount_devfs:0
allow_mount_fusefs:0
allow_mount_nullfs:0
allow_mount_procfs:0
allow_mount_tmpfs:0
allow_mount_zfs:0
allow_quotas:0
allow_raw_sockets:1
allow_set_hostname:1
allow_socket_af:1
allow_sysvipc:1
allow_tun:0
allow_vmm:0
assign_localhost:1
available:readonly
basejail:0
boot:0
bpf:0
children_max:0
comment:none
compression:lz4
compressratio:readonly
coredumpsize:off
count:1
cpuset:off
cputime:off
datasize:off
dedup:off
defaultrouter:auto
defaultrouter6:auto
depends:none
devfs_ruleset:1002
dhcp:0
enforce_statfs:2
exec_clean:1
exec_created:/usr/bin/true
exec_fib:0
exec_jail_user:root
exec_poststart:/usr/bin/true
exec_poststop:/usr/bin/true
exec_prestart:/usr/bin/true
exec_prestop:/usr/bin/true
exec_start:/bin/sh /etc/rc
exec_stop:/bin/sh /etc/rc.shutdown
exec_system_jail_user:0
exec_system_user:root
exec_timeout:60
host_domainname:none
host_hostname:smb4-2.brockley.harte-lyne.ca
host_hostuuid:smb4-2
host_time:1
hostid:b4cdc46c-7e7a-11de-87df-0011d8a408ed
hostid_strict_check:0
interfaces:vnet0:bridge0
ip4:new
ip4_addr:em0|192.168.18.162,em0|192.168.216.162
ip4_saddrsel:1
ip6:new
ip6_addr:none
ip6_saddrsel:1
ip_hostname:0
jail_zfs:0
jail_zfs_dataset:iocage/jails/smb4-2/data
jail_zfs_mountpoint:none
last_started:2020-07-22 14:56:48
localhost_ip:127.0.162.1
login_flags:-f root
mac_prefix:001cc0
maxproc:off
memorylocked:off
memoryuse:off
min_dyn_devfs_ruleset:1000
mount_devfs:1
mount_fdescfs:1
mount_linprocfs:0
mount_procfs:0
mountpoint:readonly
msgqqueued:off
msgqsize:off
nat:0
nat_backend:ipfw
nat_forwards:none
nat_interface:none
nat_prefix:172.16
nmsgq:off
notes:none
nsem:off
nsemop:off
nshm:off
nthr:off
openfiles:off
origin:readonly
owner:root
pcpu:off
plugin_name:none
plugin_repository:none
priority:99
pseudoterminals:off
quota:none
readbps:off
readiops:off
release:12.1-RELEASE-p7
reservation:none
resolver:search brockley.harte-lyne.ca hamilton.harte-lyne.ca harte-lyne.ca;nameserver 192.168.18.162;nameserver 192.168.18.161;nameserver 216.185.71.33;options edns0 timeout:3 attempts:2
rlimits:off
rtsold:0
securelevel:2
shmsize:off
stacksize:off
state:up
stop_timeout:30
swapuse:off
sync_state:none
sync_target:none
sync_tgt_zpool:none
sysvmsg:new
sysvsem:new
sysvshm:new
template:0
type:jail
used:readonly
vmemoryuse:off
vnet:0
vnet0_mac:none
vnet1_mac:none
vnet2_mac:none
vnet3_mac:none
vnet_default_interface:auto
vnet_interfaces:none
wallclock:off
writebps:off
writeiops:off
```

Does anyone know if it is possible to configure a jail to allow `netbios` to bind to a socket?  And, if so, then what settings are required?


----------



## Tjure (May 18, 2022)

Did anybody solve this problem?

I also have a problem with samba AD and "NT_STATUS_ADDRESS_ALREADY_ASSOCIATED", but not when using jails, but having an alias IP on one NIC in the same  address domain, .e.g. by
`ifconfig dwc0.5 inet 10.0.2.10/24
ifconfig dwc0.5 inet 10.0.2.254/32 alias`

As far as I understand you also have multiple IPs for each jail on one NIC, so the cause of the problem could be the same.

(The idea behind the alias IP is to set up a couple redundant servers and access them all via a single IP, i.e., 10.0.2.254.)

I have to specify in `smb.conf`:

```
bind interfaces only = yes
interfaces = 10.0.2.10
```
otherwise samba throws the same error as in the inital post. This is bad as samba does then not respond to request on 10.0.2.254.

It seems to be FreeBSD specific, as I test it on Linux, and it worked. Could the problem be related also to Thread 39949?


----------



## SirDice (May 18, 2022)

Don't use that Netbios stuff, it's only there for compatibility with old Windows versions (pre-windows 2000). Just disable it. 


```
samba_server_enable="YES"
nmbd_enable="NO"
```


----------



## Tjure (May 18, 2022)

Understood. I guess that nobody works on the netbios-stuff anymore, so disabling is the only solution.

I (most probably) don't need it, so I can live with it.

As stated in the initial post, one also needs

```
disable netbios = yes
```
in `smb4.conf`

Thank you!


----------

