[Samba] samba domain vs linux network security

Derek Harkness dharknes at umd.umich.edu
Fri Nov 11 17:10:38 GMT 2005

We use AFS/Kerberos/LDAP to provide home directories to our Linux/ 
Unix/OSX users, our Windows users connect into our Samba domain.   
Samba has pretty good AFS support for gatewaying SMB <-> AFS  
requests, at a minor weakening of filesystem security.  I'm hoping  
Samba4 will allow me to use Kerberos all the way through.  The  
biggest downside to the AFS/Kerberos/LDAP/Samba setup is complexity,   
each service is a pain to setup by itself, getting them working  
together nearly involved human sacrifice.  But the system has been  
working for about a year with 99.99% uptime.

A big thanks to all the Samba developers!

On Nov 10, 2005, at 8:27 AM, mourik jan c heupink wrote:

>> You have several options.  First, there are steps that you can  
>> take to
>> improve NFS security somewhat, such as restricting it to  
>> particular IP
>> addresses (although IP addresses can be spoofed).  Second, you can  
>> use
>> NFSv4, which supports proper authentication.  Third, you can use an
>> alternative means of sharing drives to Linux.  I've actually been
>> using SMB to access my Linux server's drives from my Linux client, to
>> avoid setting up a separate file-sharing service.  Several other
>> options exist - including SSHFS (for more of a quick-and-dirty
>> approach), AFS, and Coda, but I don't have experience with any of
>> them.
> Thanks very much for the feedback.
> since nfs4 is NOT included in sles9 (apparently because it's acl  
> code is not yet stable..?)  I will take look at the two  
> alternatives you mention.
> The feedback was very much appreciated.
> Mourik Jan
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list