Not sure if this will help, but I found this on the NetApp site;

 

 

How to force SMB over TCP when NetBIOS is disabled on an Active Directory domain controller


Symptoms

How to force SMB over TCP when NetBIOS is disabled on an Active Directory domain controller

Domain controllers in a Windows Active Directory domain may have NetBIOS disabled. The filer will still attempt to use NetBIOS to communicate with the domain controllers and may time out when port 139 is blocked.

How can you force the filer to use Kerberos and port 445 to communicate with the domain controllers instead of NetBIOS and port 139?


Cause of this problem

Background Information: SMB over TCP vs. SMB over NBT

The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT / 2000. In Windows NT it ran on top of NBT (NetBIOS over TCP/IP), which used ports 137, 138 (UDP) and 139 (TCP). In Windows 2000, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NBT. For this they use TCP port 445.

If the domain controller has NBT enabled, it listens on UDP ports 137, 138, and on TCP ports 139, 445. If it has NBT disabled, it listens on TCP port 445 only.


Solution

Setting the option cifs.netbios_over_tcp.enable on the filer to off causes the filer to initiate contact with the filer using DNS and 'SMB over TCP' instead of 'SMB over NBT' and broadcast / WINS lookups. 

To set the option to off, at the filer console enter:

options cifs.netbios_over_tcp.enable off

 

Does this mean that the filer still has to be in an AD forest? Don’t know…but with the above configurations is seems like the filer will listen only to the 445 port.

 

 

James

 

 

-----Original Message-----
From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Glenn Walker
Sent: Wednesday, December 12, 2007 7:24 PM
To: Jack Lyons; toasters@mathworks.com
Subject: RE: making filer listen for smb requests on TCP/445

 

445 is used for KRB requests.  You (to my knowledge) cannot get CIFS +

KRB in a Windows environment without being in an AD forest.  I don't

believe there is any way to force the filer to use 445 without being in

an AD forest.

 

(I'd assume you can get Linux to run SAMBA with KRB outside of an AD

forest, but that's a completely different story.)

 

-----Original Message-----

From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com]

On Behalf Of Jack Lyons

Sent: Wednesday, December 12, 2007 8:50 PM

To: toasters@mathworks.com

Subject: making filer listen for smb requests on TCP/445

 

 From what I can find, if a filer is not part of an AD forest, it will

not listen on port 445 for SMB requests.  Is there a way to change so

that it WILL listen on port 445?

 

I know there is a way to turn it off, but not to force it.  We have a

process that attempts to contact the windows servers on 445 first and

then falls back to 139 if it doesn't work on 445.  It causes a small

delay, but we have thousands of attempts an hour and even a small delay

adds up.  We have currently hacked a perl module to get around the

issue, but I was hoping there was something we could do on the netapp

side.

 

Thanks

Jack