[Samba] compromising security

Tomasz Chmielewski mangoo at mch.one.pl
Mon Jul 4 20:55:15 GMT 2005

Recently, I was wondering whether my setup is secure.

When the workstations start, they also start a script, which connects to 
a Samba share with a username/password (and there is software in this 
share, with the registration keys and other important data).

On a workstation, this script can't be read by a normal user (I was 
considering some sort of simple pseudo-encryption, which would turn 
plaintext usernames/passwords into a pseudo-encrypted file, in case the 
disk or one of the workstations is stolen).

But then I realised that it's probably much easier to get all 
credentials without stealing a disk or decrypting a file with 
passwords, so all efforts to protect the shares with usernames/passwords 
and encrypting the script are probably useless.

All that needs to be done is to unplug the workstation from the network, 
then plug a laptop with a network sniffer into the workstation (connect 
the network cards), and watch the traffic...
If the laptop acts under the name of a "real" server, and has "encrypt 
passwords = no" - would the workstation send the credentials in 
plaintext, and thus, all carefully crafted security would be compromised?

Or is something fundamentally wrong in my thinking (hopefully)?
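
Added example, not part of the original post: a small audit of the two smb.conf settings that decide whether plaintext passwords can cross the wire, the server-side `encrypt passwords` named in the post and the client-side `client plaintext auth` (a real Samba parameter that the post does not mention). It assumes the workstation is a Samba client, and the sample configuration is constructed.

```python
# Added example: audit smb.conf text for settings that permit plaintext SMB passwords.
import re

# Normalized parameter name -> boolean value that allows plaintext passwords.
RISKY = {
    "encryptpasswords": False,    # server negotiates plaintext passwords
    "clientplaintextauth": True,  # Samba client will send plaintext if asked
}
TRUE = {"yes", "true", "on", "1"}
FALSE = {"no", "false", "off", "0"}

def normalize(name):
    """smb.conf parameter names ignore case and whitespace."""
    return re.sub(r"\s+", "", name).lower()

def audit(conf_text):
    """Return a list of (line_number, section, parameter, value) findings."""
    findings = []
    section = "global"
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, sep, value = line.partition("=")
        if not sep:
            continue
        key, val = normalize(name), value.strip().lower()
        if key in RISKY and val in TRUE | FALSE:
            if (val in TRUE) == RISKY[key]:
                findings.append((lineno, section, name.strip(), value.strip()))
    return findings

# Constructed sample configuration, not taken from the post.
SAMPLE = """\
[global]
   workgroup = EXAMPLE
   Encrypt Passwords = No
   ; client plaintext auth = yes
   client plaintext auth = no
[software]
   path = /srv/software
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d [%s]: %s = %s" % finding)
```
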

