[Samba] Re: samba as a replacement for ftp

Francis Lau fkwlau at fitch.math.uwaterloo.ca
Tue Feb 25 15:50:32 GMT 2003


As we do not have a very computer literate user base, we need to keep
things simple.  I've looked at coupling samba with ssl or kerberos, but
both techniques will require the user to install a client and/or other
software on their end.  We are trying to avoid this and let the users save
their files onto the server as though their share is on their local
computer.  Are there currently any other methods (samba or not) that would
allow us to achieve this?  (Samba's native encrypted passwords work great
in this sense because the users do not have to do anything at all other
than connecting to the server.  Of course, the encrypted passwords are not
very safe to begin with...)

Thanks,
Francis

On Tue, 25 Feb 2003, mark wrote:

> On Tuesday 25 February 2003 15:02, Francis Lau wrote:
> > If we plan to use Samba/Windows's way of encrypting passwords (LanManager
> > / Windows NT MD4) then we don't need a VPN.  I would think that all the
> > user has to do is connect by typing \\some.domain.name.ca\sharefolder
> > using ports 137/139.  Am I correct here?  Please correct me if I am wrong.
> >
> > Would there be any security risks if we were to implement samba this way?
> >
> > Many thanks,
> > Francis
>
> 1.  The smb/cifs/whatever connection itself is NOT encrypted.  So all the
> files could be read by anyone with access to a machine it crosses.
> 2.  The encrypted passwords are weak.  There is documentation that comes with
> releases that explains this better than I understand it.
> 3.  Many ISPs block ports 137/139.  A large number of people have filesharing
> available without knowing it.
>
> Those are some thoughts off of the top of my head.
> mark
>


