• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1345
  • Last Modified:

What is the most optimal samba config for speed and browsing?

I've read some experts advise (IT4SOHO at EE included) that mention if you have a samba network with Win 2000 clients or later then you can use this in your smb.conf file.
smb ports = 445
Apparently this is more efficient (faster?) because the packets don't have the NetBIOS encapsulation overhead, and has helped some people minimise lag when accessing network shares.  Though some users reported setting smb ports to 139 helped too.

A single samba server (samba-3.0.36-0.5.5) environment which is a dns server as well, 2 x Win XP Pro, 2 x Vista and 2 x Win 7 Pro pc's....what is the most optimal setup for speed.
Is it recommended to disable netbios on all the pc's?
Should I bother with a WINS server (wins support = yes in smb.conf) at all?
If the server has an entry in dns then all the pc's can still access by name right, so why bother with WINS?
For performance, set smb ports = 445 in smb.conf. Right?

If I did have WINS turned on at the samba server, then to populate the WINS database, netbios needs to be enabled and all pc's pointed to it.  But in this case can I still use "smb ports = 445", or will that break browsing?

  • 5
  • 3
3 Solutions
disable netbios maybe increment the speed but really a LIttle increment.
Disable Wins

Here you have 2 links refer that.


blokemanAuthor Commented:
Those links are pretty good, but none of them mention ports = 445.

So maybe the best way so far is to disable NetBIOS (and browsing), and use 'ports' on the server
In smb.conf:
disable netbios = yes
# we do not need netbios broadcasts for the windows shares so we can disable it. Our clients will be
# told where the share is located. Clients that only support netbios won't be able to see your samba
# server when netbios support is disabled.
ports = 445

and then also disable Netbios (and lmhosts lookup) on the Win pc's as well.  So then the only way they can resolve names is by DNS.

I suppose if netbios is disabled on Windows pc's then the netbios nodetype becomes irrelevant as well.

Anyone else with specific thoughts on the merit of using
ports 445

Daniel McAllisterPresident, IT4SOHO, LLCCommented:
Please read the article:


which explains some SAMBA settings to improve performance for Windows Vista/7 environments.

Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

blokemanAuthor Commented:
Hi Dan
I had read that fantastic article previously.  You are a very concise and articulate writer!
I've now read it again, and have a question...

Is this best achieved just at the server with :
ports = 445
disable netbios = ye
s  <--- Is this even necessary if already using ports = 445?
Is it recommended to also disable NetBIOS on all the Windows pcs in their network control panel (under TCP/IP properties)?

With no netBIOS on the server or pc's then network browsing is not possible. Right?
So will this cause any problems?

Daniel McAllisterPresident, IT4SOHO, LLCCommented:

First, thank you for the kind words in-re the article on Samba & SMB2.

With regards to your issue, I think that there is a basic misunderstanding -- so permit me to slip back into professor mode for a moment, because I think many of your assumptions are incorrect.

Specifically, NetBIOS was not REPLACED by SMB, rather it was upgraded to (or evolved into) SMB.

The SMB protocol (that uses port 445) retains all of the same functionality as NetBIOS (except, perhaps, its connectionlessness and layer-2 protocol ambivalence) -- INCLUDING retaining the Microsoft "Browsing" functionality.

So disabling ports 137-139 and NetBIOS over TCP/IP will NOT accomplish your goal, if that goal is to preventing network browsing.

If I'm to assume that you want to disable network browsing on your LAN, there are 2 things to consider:
 1) There is a "browsing = [yes/no]" option for each share that can tell Samba NOT to allow browsing to that share, but I am not aware of any OTHER way to turn off computer browsing from the server.
 2) Unless you employ AD (that's a new article I'm writing -- deploying a Windows AD server as a XEN virtual machine in an otherwise all-Linux environment), you have no way of restricting Windows Clients from browsing - at least not while maintaining a way to access an SMB share.

OK -- Professor mode off --

Your original question is asking about optimizing Samba -- and particularly, dealing with long LAG times. Which is why I pointed to my article.

First: Using Samba 3.0 (or anything prior to 3.5) will get you access to SMB1, but not SMB2 protocols. Either will allow NetBIOS if you turn it on, but only Samba 3.5 and later supports SMB2 -- which is necessary for long-lag support.

Second: NetBIOS uses ports 137-139, SMB uses 445.
 - A connection using ports 137-139 is using NetBIOS -- on virtually any Windows or Linux system
 - A connection on port 445 is using SMB (either 1 or 2).
Thus, turn off your responses on Ports 137-139 (iptables in addition to smb.conf?) and you're not going to permit NetBIOS connections to that system.

Third: Lag times are a problem for both NetBIOS and SMB1 -- an attempted resolution is an SMB2 improvement
 - SMB2 is used in Windows Vista, 7, and Server 2008
 - SMB2 is used in Samba 3.5 and higher (including current beta versions of Samba 4)

Last: If you upgrade to Samba 3.5, your Windows 2000, XP, and Server 2003 systems will still be able to use SMB1, but your Vista, 7, & Server 2008 systems will also be able to use SMB2 -- there is no issue with supporting both on the same LAN.

So -
1) To enable better long-lag sensitivity and performance, upgrade to Samba 3.5
2) To eliminate the possibility of accidentally falling back to NetBIOS, disable ports 137-139 (actually the default for Samba 3.5 and up) -- but there is no way to prevent falling back from SMB2 to SMB1 -- they're on the same port & if they negotiate to SMB1 then so be it!
3) If you do NOT upgrade Samba to 3.5 or higher, your Windows Vista, 7, & Server 2008 systems will always negotiate to SMB1. Windows 7 and Server 2008 will not negotiate to NetBIOS unless you specifically allow it -- not in network connections, but in the registry!

I hope this answers your questions more clearly.

blokemanAuthor Commented:
Thanks Dan.  You experience and knowledge on this is excellent.

So a Samba upgrade is on the cards for sure with ports = 445.

Dan, just one last query re your statement:
The SMB protocol (that uses port 445) retains all of the same functionality as NetBIOS [...] -- INCLUDING retaining the Microsoft "Browsing" functionality.
With NetBIOS, I did assume that it alone was responsible for enabling browsing, because of  the way that it allows broadcasts or the use of WINS servers to obtain a list of NetBIOS hosts on the network.  By this I mean the list of PCs and servers which can be viewed in Network Neighborhood from a Windows PC.  Yet since Win 2000, Netbios is not needed because of Active Directory (AD) and it's integrated DNS.  So without an AD  server, how do PCs in a samba (SMB2) network obtain a list of computers in their domain (and Network Neighborhood)?
blokemanAuthor Commented:
Further to my last comment...Thinking a bit more, maybe in a SMB2 Samba 3.5+ network, this browse list functionality is all coming with Samba 4 and it's AD capabilities.  So for now, do Windows clients (on Samba SMB2) need to know the host name (as opposed to Network Neighborhood) to browse shared resources on that host?  For example by using \\hostname in Windows Explorer.
Daniel McAllisterPresident, IT4SOHO, LLCCommented:

WINS and the network browser are still very much alive -- in fact, in SMB2 it's even more active (ever looked at the Windows 7 Home Network?)

Microsoft has a KB article that, from a reasonably high level, describes the evolution of the browser function.

The ONLY real difference is that in SMB, instead of the browser service listening on port UDP 137 (the Name Resolution Port in NetBIOS), it listens on UDP Port 445 -- the same port it listens for data being transmitted.

You are correct that in AD, there is not the same need for a "browser" function -- but with AD (just as with PDCs in WinNT), the only real difference is that there isn't an "election" for a browser master -- the AD server (or the PDC) automatically wins the "election"! There is an AD command to list the other computers in the domain -- and its format isn't all that different from the NetBIOS query for the Master Browser to list it's "detected" systems!

I must admit I'm a bit confused... are you still trying to optimize samba (or SMB), or are you looking at a security concern?

blokemanAuthor Commented:
No particular security issue in mind, I just want to optimising Samba for speed and browsing.  

As it looks like using port 445 (SMB2) will provide both speed improvements and browsing functionality, then that is the configuration I'll implement.  I will just read up a bit more on the WINS side of things and enable that on the server.

Thanks again!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now