Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


What is the most optimal samba config for speed and browsing?

Posted on 2011-02-14
Medium Priority
Last Modified: 2013-12-02
I've read some experts advise (IT4SOHO at EE included) that mention if you have a samba network with Win 2000 clients or later then you can use this in your smb.conf file.
smb ports = 445
Apparently this is more efficient (faster?) because the packets don't have the NetBIOS encapsulation overhead, and has helped some people minimise lag when accessing network shares.  Though some users reported setting smb ports to 139 helped too.

A single samba server (samba-3.0.36-0.5.5) environment which is a dns server as well, 2 x Win XP Pro, 2 x Vista and 2 x Win 7 Pro pc's....what is the most optimal setup for speed.
Is it recommended to disable netbios on all the pc's?
Should I bother with a WINS server (wins support = yes in smb.conf) at all?
If the server has an entry in dns then all the pc's can still access by name right, so why bother with WINS?
For performance, set smb ports = 445 in smb.conf. Right?

If I did have WINS turned on at the samba server, then to populate the WINS database, netbios needs to be enabled and all pc's pointed to it.  But in this case can I still use "smb ports = 445", or will that break browsing?

Question by:blokeman
  • 5
  • 3
LVL 14

Assisted Solution

pablouruguay earned 400 total points
ID: 34950780
disable netbios maybe increment the speed but really a LIttle increment.
Disable Wins

Here you have 2 links refer that.



Author Comment

ID: 34966747
Those links are pretty good, but none of them mention ports = 445.

So maybe the best way so far is to disable NetBIOS (and browsing), and use 'ports' on the server
In smb.conf:
disable netbios = yes
# we do not need netbios broadcasts for the windows shares so we can disable it. Our clients will be
# told where the share is located. Clients that only support netbios won't be able to see your samba
# server when netbios support is disabled.
ports = 445

and then also disable Netbios (and lmhosts lookup) on the Win pc's as well.  So then the only way they can resolve names is by DNS.

I suppose if netbios is disabled on Windows pc's then the netbios nodetype becomes irrelevant as well.

Anyone else with specific thoughts on the merit of using
ports 445

LVL 21

Expert Comment

by:Daniel McAllister
ID: 34972505
Please read the article:


which explains some SAMBA settings to improve performance for Windows Vista/7 environments.

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!


Author Comment

ID: 34976832
Hi Dan
I had read that fantastic article previously.  You are a very concise and articulate writer!
I've now read it again, and have a question...

Is this best achieved just at the server with :
ports = 445
disable netbios = ye
s  <--- Is this even necessary if already using ports = 445?
Is it recommended to also disable NetBIOS on all the Windows pcs in their network control panel (under TCP/IP properties)?

With no netBIOS on the server or pc's then network browsing is not possible. Right?
So will this cause any problems?

LVL 21

Accepted Solution

Daniel McAllister earned 1600 total points
ID: 34987534

First, thank you for the kind words in-re the article on Samba & SMB2.

With regards to your issue, I think that there is a basic misunderstanding -- so permit me to slip back into professor mode for a moment, because I think many of your assumptions are incorrect.

Specifically, NetBIOS was not REPLACED by SMB, rather it was upgraded to (or evolved into) SMB.

The SMB protocol (that uses port 445) retains all of the same functionality as NetBIOS (except, perhaps, its connectionlessness and layer-2 protocol ambivalence) -- INCLUDING retaining the Microsoft "Browsing" functionality.

So disabling ports 137-139 and NetBIOS over TCP/IP will NOT accomplish your goal, if that goal is to preventing network browsing.

If I'm to assume that you want to disable network browsing on your LAN, there are 2 things to consider:
 1) There is a "browsing = [yes/no]" option for each share that can tell Samba NOT to allow browsing to that share, but I am not aware of any OTHER way to turn off computer browsing from the server.
 2) Unless you employ AD (that's a new article I'm writing -- deploying a Windows AD server as a XEN virtual machine in an otherwise all-Linux environment), you have no way of restricting Windows Clients from browsing - at least not while maintaining a way to access an SMB share.

OK -- Professor mode off --

Your original question is asking about optimizing Samba -- and particularly, dealing with long LAG times. Which is why I pointed to my article.

First: Using Samba 3.0 (or anything prior to 3.5) will get you access to SMB1, but not SMB2 protocols. Either will allow NetBIOS if you turn it on, but only Samba 3.5 and later supports SMB2 -- which is necessary for long-lag support.

Second: NetBIOS uses ports 137-139, SMB uses 445.
 - A connection using ports 137-139 is using NetBIOS -- on virtually any Windows or Linux system
 - A connection on port 445 is using SMB (either 1 or 2).
Thus, turn off your responses on Ports 137-139 (iptables in addition to smb.conf?) and you're not going to permit NetBIOS connections to that system.

Third: Lag times are a problem for both NetBIOS and SMB1 -- an attempted resolution is an SMB2 improvement
 - SMB2 is used in Windows Vista, 7, and Server 2008
 - SMB2 is used in Samba 3.5 and higher (including current beta versions of Samba 4)

Last: If you upgrade to Samba 3.5, your Windows 2000, XP, and Server 2003 systems will still be able to use SMB1, but your Vista, 7, & Server 2008 systems will also be able to use SMB2 -- there is no issue with supporting both on the same LAN.

So -
1) To enable better long-lag sensitivity and performance, upgrade to Samba 3.5
2) To eliminate the possibility of accidentally falling back to NetBIOS, disable ports 137-139 (actually the default for Samba 3.5 and up) -- but there is no way to prevent falling back from SMB2 to SMB1 -- they're on the same port & if they negotiate to SMB1 then so be it!
3) If you do NOT upgrade Samba to 3.5 or higher, your Windows Vista, 7, & Server 2008 systems will always negotiate to SMB1. Windows 7 and Server 2008 will not negotiate to NetBIOS unless you specifically allow it -- not in network connections, but in the registry!

I hope this answers your questions more clearly.


Author Comment

ID: 34993900
Thanks Dan.  You experience and knowledge on this is excellent.

So a Samba upgrade is on the cards for sure with ports = 445.

Dan, just one last query re your statement:
The SMB protocol (that uses port 445) retains all of the same functionality as NetBIOS [...] -- INCLUDING retaining the Microsoft "Browsing" functionality.
With NetBIOS, I did assume that it alone was responsible for enabling browsing, because of  the way that it allows broadcasts or the use of WINS servers to obtain a list of NetBIOS hosts on the network.  By this I mean the list of PCs and servers which can be viewed in Network Neighborhood from a Windows PC.  Yet since Win 2000, Netbios is not needed because of Active Directory (AD) and it's integrated DNS.  So without an AD  server, how do PCs in a samba (SMB2) network obtain a list of computers in their domain (and Network Neighborhood)?

Author Comment

ID: 34993965
Further to my last comment...Thinking a bit more, maybe in a SMB2 Samba 3.5+ network, this browse list functionality is all coming with Samba 4 and it's AD capabilities.  So for now, do Windows clients (on Samba SMB2) need to know the host name (as opposed to Network Neighborhood) to browse shared resources on that host?  For example by using \\hostname in Windows Explorer.
LVL 21

Assisted Solution

by:Daniel McAllister
Daniel McAllister earned 1600 total points
ID: 34994596

WINS and the network browser are still very much alive -- in fact, in SMB2 it's even more active (ever looked at the Windows 7 Home Network?)

Microsoft has a KB article that, from a reasonably high level, describes the evolution of the browser function.

The ONLY real difference is that in SMB, instead of the browser service listening on port UDP 137 (the Name Resolution Port in NetBIOS), it listens on UDP Port 445 -- the same port it listens for data being transmitted.

You are correct that in AD, there is not the same need for a "browser" function -- but with AD (just as with PDCs in WinNT), the only real difference is that there isn't an "election" for a browser master -- the AD server (or the PDC) automatically wins the "election"! There is an AD command to list the other computers in the domain -- and its format isn't all that different from the NetBIOS query for the Master Browser to list it's "detected" systems!

I must admit I'm a bit confused... are you still trying to optimize samba (or SMB), or are you looking at a security concern?


Author Comment

ID: 34994801
No particular security issue in mind, I just want to optimising Samba for speed and browsing.  

As it looks like using port 445 (SMB2) will provide both speed improvements and browsing functionality, then that is the configuration I'll implement.  I will just read up a bit more on the WINS side of things and enable that on the server.

Thanks again!


Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
In this blog, we’ll look at how improvements to Percona XtraDB Cluster improved IST performance.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question