[Samba] how safe is "net use" in a batch file? plus some encryption questions
Stefan G. Weichinger
lists at xunil.at
Sat Nov 11 10:02:31 UTC 2017
A customer asked me if someone would be able to sniff (wireshark or
something like that) a password if plugging into the same switch as
their samba server.
They use a desktop icon pointing at a plain old bat-file containing a
"net use" command with the password right in there.
I *assume* that the "net use" authenticates via encrypted communication?
Could someone confirm that?
-
Unfortunately we can't use domain context there because of the special
structure there: the thin clients are members in an AD domain separate
from our protected standalone samba server (and these worlds have to be
kept separated).
*and* I have to keep NTLMv1 etc. activated to support old Windows XP VMs
... as far as I remember there are ways to activate safer protocols for
XP as well, correct? (they insist on XP because of a specific software ...)
-
They also ask for encryption. I think I could encrypt the underlying
layer via encfs or something, but that means that somebody has to
provide a passphrase at boot/mount-time. I want to avoid a
single-person-of-failure-scenario here: even if I am not available they
have to be able to get that server up and running again in case of some
reboot or so.
Is it recommended to just place a container like Truecrypt or Veracrypt
inside a Samba-share? Any thoughts or recommendations here, best
practices ... ?
have a nice weekend,
Stefan
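
An added example, not part of the original post: a small Python scanner for the situation described above, a batch file whose "net use" line carries a literal password. The sample batch content and all server, share and user names are constructed, and the tokenizer is a simplification of cmd.exe quoting.

```python
import re

# A batch token is a double-quoted run or a run of non-space characters.
TOKEN = re.compile(r'"[^"]*"|\S+')
DEVICE = re.compile(r'^(?:[a-z]:|lpt\d:|\*)$', re.I)
VARIABLE = re.compile(r'^(?:%[^%]+%|%\d|![^!]+!)$')

# Constructed sample batch file; names and password are made up.
SAMPLE_BAT = r'''@echo off
rem constructed sample for this example
net use S: \\fileserver\projects Winter2017! /user:fileserver\scanuser /persistent:no
net use T: \\fileserver\archive * /user:fileserver\scanuser
net use U: \\fileserver\tools %SHAREPW% /user:fileserver\svc
net use V: \\fileserver\public
net use S: /delete
'''

def classify_net_use(line):
    """Return (status, user) for a 'net use' line that maps a UNC path, else None.

    status: 'inline' (literal password), 'variable', 'prompt' ('*') or 'none'.
    """
    tokens = [t.strip('"') for t in TOKEN.findall(line.strip().lstrip('@'))]
    if len(tokens) < 3 or [t.lower() for t in tokens[:2]] != ['net', 'use']:
        return None
    user, positional = None, []
    for tok in tokens[2:]:
        if tok.lower().startswith('/user:'):
            user = tok[6:]
        elif not tok.startswith('/'):
            positional.append(tok)
    if positional and DEVICE.match(positional[0]):
        positional.pop(0)  # drive letter, LPTn: or '*' in the device position
    if not positional or not positional[0].startswith('\\\\'):
        return None  # e.g. "net use S: /delete" has no UNC path
    secret = positional[1] if len(positional) > 1 else None
    if secret is None:
        return 'none', user
    if secret == '*':
        return 'prompt', user
    return ('variable' if VARIABLE.match(secret) else 'inline'), user

def scan_batch(text):
    """List (line_number, user) for literal passwords; the password is never copied."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        result = classify_net_use(line)
        if result and result[0] == 'inline':
            hits.append((number, result[1]))
    return hits
```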