Samba automatically broadcasts its presence on the network using NetBIOS over TCP/IP (NBT) and WS-Discovery protocols. While convenient for dynamic environments, these broadcasts become unnecessary clutter in strictly controlled networks.
Edit your smb.conf file (typically located at /etc/samba/smb.conf) with these critical parameters:
[global]
# Disable NetBIOS completely
disable netbios = yes
# Prevent master browser elections
local master = no
os level = 0
preferred master = no
domain master = no
# Turn off WSD (Web Services Discovery)
server min protocol = SMB2_02
disable netbios = yes
wsdd disable autostart = yes
After modifying the configuration, apply changes and restart services:
# For systems using systemd:
sudo systemctl stop nmbd
sudo systemctl disable nmbd
sudo systemctl restart smbd
# For legacy systems:
sudo service nmbd stop
sudo update-rc.d nmbd disable
sudo service smbd restart
Check that Samba is no longer broadcasting:
# Check NetBIOS status
nmblookup -S __SAMBA__
# Monitor network traffic
sudo tcpdump -i eth0 port 137 or port 138 or port 5355
For extra protection, block remaining broadcast-related ports:
# Example using iptables
sudo iptables -A INPUT -p udp --dport 137 -j DROP
sudo iptables -A INPUT -p udp --dport 138 -j DROP
sudo iptables -A INPUT -p udp --dport 5355 -j DROP
Disabling broadcasts reduces network chatter by approximately 5-10 packets per second per Samba server. In large deployments, this significantly decreases switch CPU utilization and broadcast domain congestion.
Samba's default configuration enables NetBIOS over TCP/IP (nbt) and WS-Discovery protocols for service advertisement. These features generate periodic broadcast packets (UDP 137/138) and multicast traffic (UDP 3702) even when using static configurations.
// Typical broadcast packet captured via tcpdump
15:42:01.123456 IP 192.168.1.100.137 > 192.168.1.255.137: UDP, length 50
15:42:02.654321 IP fe80::a1b2:c3d4:e5f6.3702 > ff02::c.3702: UDP, length 136Edit /etc/samba/smb.conf with these critical directives:
[global]
disable netbios = yes
dns proxy = no
multicast dns register = no
server announce = no
local master = no
domain master = no
preferred master = no
os level = 0
wins support = noFor modern systems using systemd, disable related services:
# Stop and mask NetBIOS services
sudo systemctl stop nmbd
sudo systemctl disable nmbd
sudo systemctl mask nmbd
# Optional: Prevent Avahi from interfering
sudo systemctl stop avahi-daemon
sudo systemctl disable avahi-daemonAdd these sysctl parameters to suppress residual broadcasts:
# /etc/sysctl.d/90-samba.conf
net.ipv4.conf.all.bc_forwarding=0
net.ipv4.conf.all.mc_forwarding=0
net.ipv4.icmp_echo_ignore_broadcasts=1Verify configuration with these diagnostic commands:
# Check active NetBIOS status
nmblookup -S __SAMBA__
# Monitor residual broadcasts
tcpdump -i eth0 'port 137 or port 138 or port 3702' -v
# Confirm service status
smbstatus --verboseFor source-based installations, use these configure flags:
./configure --disable-avahi \
--without-ads \
--without-winbind \
--without-systemd \
--disable-ipv6