andrew.malton at esentire.com
Mon Apr 19 07:57:53 MDT 2010

Thanks for helpful comments and suggestions.

In our situation we can't use smbclient -e because the data sources
are not Samba/Linux, they're running various versions of Windows.
But also, what we're doing is not file access but event log access.
We aren't using CIFS but calling into ndr subroutines. As I said, we
are using Samba code, not just being Samba users.

The behaviour is this. When connecting and retrieving event logs
(using dcerpc_eventlog_ReadEventLogW and friends) the traffic is
encrypted when talking to e.g. Windows 2000 (I think actually
anything before Win2003 SP 2) but unencrypted when talking e.g. to
Server 2008. We are, of course, never talking to Samba servers as
Authorization seems to be encrypted in both cases, that isn't the issue.

(We are on Samba 4 for some purposes. In Samba 4, there's a torture
test covering the event log API that exhibits the same behaviour we
have seen by our client.)

Dr. Andrew Malton
e•sentire Critical Security Solutions
260 Holiday Inn Drive Building "A" Suite 29
Canada N3C 4E8
AIM:ajmalton at mac.com
tel: +1 519 651 2299 x 119