April 21st, 2003, 03:35 AM
Samba Security Question
I use Samba to mount my Windows home directory, from my linux laptop. Currently I am using the mount command with the -o option entering my username and password. Does this information go over the ether unencrypted (I assume it does), and is there any way to make this more secure?
April 21st, 2003, 03:57 AM
The security of SAMBA is limited by the security in place in Windows. I am not sure whether Windows file-sharing authenticates in plain-text or through some sort of encryption (which is probably pretty weak if there is any). No matter what, their really isn't much you can do about it. The SAMBA package could have all the security that they want to put into it, but then it would be so secure that Windows wouldn't know what was going on...
If you want secure filesharing, windows isn't the way to go..., I love the fact that "hidden shares" are only hidden from other windows machines..., I used to peruse the campus network from my Mac and look for hidden un-password protected shares..., funny how many C$'s that you can find...
There are several secure ftp servers..., ssh includes secure file sharing stuff. But then you are limited with what you can run on Windows, and I don't have any ideas about that.
Perhaps someone else will have some actual suggestions about secure file sharing daemons/clients/servers/programs/etc. I just know that Windows is rediculous with the way that it shares...
The owl of Minerva spreads its wings only with the falling of dusk. -Hegel
April 21st, 2003, 04:09 AM
If you are running Windows NT 4.0 or above (XP, Win2k, Win2003) then passwords need to be encrypted in order for the "handshake" to occur. The smb.conf file must contain:
"encrypt passwords = yes"
If windows is "seeing" the samba server and you are using NT 4.0 or above, then password are almost surely ancrypted across the wire. Hop that helps
April 21st, 2003, 04:39 AM
Much thanks, took a look at the smb.conf file and saw that indeed encrypt passwords did equal yes. This makes me feel a little more secure. Thanks again for the tip.
Also thanks to all for you quick response to my question. This is exactly the reason why I joined AO, to benefit and benefit from this kind of community.