[Samba] compromising security

Tomasz Chmielewski mangoo at mch.one.pl
Mon Jul 4 20:55:15 GMT 2005


Recently, I was wondering whether my setup is secure.

When the workstations start, they also start a script, which connects to 
a Samba share with a username/password (and there is software in this 
share, with the registration keys and other important data).

On a workstation, this script can't be read by a normal user (I was 
considering some sort of simple pseudo-encryption, which would turn 
plaintext usernames/passwords into a pseudo-encrypted file, in case the 
disk or one of the workstations is stolen).


But then I realised that it's probably much easier to get all 
credentials, without stealing a disk or decrypting a file with 
passwords, so all efforts to protect the shares with usernames/passwords 
and encrypting the script are probably useless.

All that needs to be done is to unplug the workstation from the network, 
then plug a laptop with a network sniffer into the workstation (connect 
the network cards), and watch the traffic...
If the laptop acts under the name of a "real" server, and has "encrypt 
passwords = no" - would the workstation send the credentials in 
plaintext, and would all the carefully crafted security thus be compromised?

Or is something fundamentally wrong in my thinking (hopefully)?


-- 
Tomek
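
Added example, not part of the original post: a check of the smb.conf options that decide whether plaintext or LANMAN authentication is allowed, which is the downgrade the question is about. It assumes the client is a Samba client that reads smb.conf; the parameter names are real Samba options, while the function names and the sample file are constructed for this example.

```python
import re

# smb.conf [global] options and the value that refuses weaker authentication.
# "encrypt passwords" is the server-side option quoted in the post; the
# "client ..." options govern what a Samba client is willing to send.
SAFE = {
    "encrypt passwords": True,
    "client plaintext auth": False,
    "client lanman auth": False,
    "client ntlmv2 auth": True,
}
TRUE, FALSE = {"yes", "true", "1", "on"}, {"no", "false", "0", "off"}

def parse_global(text):
    """Return [global] parameters; names are lower-cased with spaces removed,
    because Samba ignores case and whitespace in parameter names."""
    params, section = {}, None
    text = re.sub(r"\\\n", "", text)          # join backslash continuations
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":       # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip()
    return params

def audit(text):
    """Return (parameter, finding) pairs for weak, unset or unparsable values."""
    params, findings = parse_global(text), []
    for name, safe in SAFE.items():
        raw = params.get(name.replace(" ", ""))
        if raw is None:
            # Defaults changed between Samba releases; `testparm -v` shows them.
            findings.append((name, "unset: default depends on Samba version"))
        elif raw.lower() not in TRUE | FALSE:
            findings.append((name, "unparsable value %r" % raw))
        elif (raw.lower() in TRUE) != safe:
            findings.append((name, "weak: set to %s" % raw))
    return findings

# Constructed sample configuration, not taken from the original post.
SAMPLE = "[global]\n  workgroup = EXAMPLE\n  encrypt passwords = yes\n" \
         "  Client Plaintext Auth = Yes\n  client lanman auth = no\n" \
         "[software]\n  path = /srv/software\n"

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print("%-24s %s" % (name, finding))
```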

