[Samba] Encryption

Andrew Malton andrew.malton at esentire.com
Mon Apr 19 07:57:53 MDT 2010

Thanks for helpful comments and suggestions.

In our situation we can't use smbclient -e because the data sources  
are not Samba/Linux, they're running various versions of Windows.
But also, what we're doing is not file access but event log access.   
We aren't using CIFS but calling into ndr subroutines.  As I said, we  
are using Samba code, not just being Samba users.

The behaviour is this.  When connecting and retrieving event logs  
(using dcerpc_eventlog_ReadEventLogW and friends) the traffic is  
encrypted when talking to e.g. Windows 2000 (I think actually  
anything before Win2003 SP 2)  but unencrypted when talking e.g. to  
Server 2008.   We are, of course, never talking to Samba servers as  

Authorization seems to be encrypted in both cases, that isn't the issue.

(We are on Samba 4 for some purposes.  In Samba 4, there's a torture  
test covering the event log API that exhibits the same behaviour we  
have seen by our client.)

A Malton

Dr. Andrew Malton
e•sentire Critical Security Solutions
260 Holiday Inn Drive Building "A" Suite 29
Canada N3C 4E8

AIM:ajmalton at mac.com
tel: +1 519 651 2299 x 119

More information about the samba mailing list