encryption on network

Christopher R. Hertel crh at ubiqx.mn.org
Thu Jul 28 18:08:04 MDT 2011


Jeremy Allison wrote:
> On Thu, Jul 28, 2011 at 05:59:41PM -0500, Christopher R. Hertel wrote:
>> The network traffic is not encrypted.
>>
>> The SMB protocol does not provide any mechanism for encrypting traffic
>> between clients and servers.
> 
> As shipped by Microsoft :-). The UNIX extensions to SMB allow
> encrypted traffic between clients and servers and Samba has
> supported this for a long time (smbclient -e will encrypt
> traffic).

Right, but the question particularly listed WinXP as one of the
participating clients.  Windows clients don't support the Unix extensions,
so they don't support encrypted SMB and that kinda ruins the whole thing,
eh?  [sad face]

>> The only good way to ensure that the traffic
>> is encrypted is to create a VPN and ensure that SMB traffic is always
>> contained within the VPN.
> 
> Or use Samba smbclient to a smbd server :-). Of course, we
> really need this in the Linux CIFS client.

...and that's the other piece.  Smbclient is a very useful tool, but not
what you want to use if you are trying to mount a file system.

> Steve French - where's my encrypted transport code !!! (your
> monthly ping on this :-).

Please allow me to join the choir on that.  (I'll sit at the back and not
get in anyone's way.)  [winky face]

Chris -)-----

-- 
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org

