[Samba] Encryption

Andrew Malton andrew.malton at esentire.com
Mon Apr 19 07:57:53 MDT 2010


Thanks for helpful comments and suggestions.

In our situation we can't use smbclient -e because the data sources  
are not Samba/Linux, they're running various versions of Windows.
But also, what we're doing is not file access but event log access.   
We aren't using CIFS but calling into ndr subroutines.  As I said, we  
are using Samba code, not just being Samba users.

The behaviour is this.  When connecting and retrieving event logs
(using dcerpc_eventlog_ReadEventLogW and friends) the traffic is
encrypted when talking to e.g. Windows 2000 (I think actually
anything before Win2003 SP 2) but unencrypted when talking e.g. to
Server 2008.  We are, of course, never talking to Samba servers as
such.

Authorization seems to be encrypted in both cases, that isn't the issue.

(We are on Samba 4 for some purposes.  In Samba 4, there's a torture  
test covering the event log API that exhibits the same behaviour we  
have seen by our client.)

A Malton


--
Dr. Andrew Malton
e•sentire Critical Security Solutions
260 Holiday Inn Drive Building "A" Suite 29
Cambridge
Canada N3C 4E8

AIM:ajmalton at mac.com
tel: +1 519 651 2299 x 119
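
One way to tell from a capture which of the two behaviours described in this message a given server produces, as an added example that is not part of the original post or of Samba's code: it reads the auth_level byte in the auth verifier of a connection-oriented DCE/RPC PDU, where level 6 (privacy) means the payload is sealed. The function names and the sample PDUs are constructed for illustration.

```python
import struct

# DCE/RPC authentication levels carried in a PDU's auth verifier.
AUTH_LEVELS = {1: "none", 2: "connect", 3: "call", 4: "packet",
               5: "integrity (signed)", 6: "privacy (sealed)"}
PTYPES = {0: "request", 2: "response", 11: "bind", 12: "bind_ack"}


def pdu_protection(pdu: bytes) -> dict:
    """Report the auth level one connection-oriented DCE/RPC PDU declares.

    Looks at the DCE/RPC layer only; transport encryption is out of scope.
    """
    if len(pdu) < 16 or pdu[0] != 5:
        raise ValueError("not a connection-oriented DCE/RPC v5 PDU")
    # Header byte 4 (data representation): 0x10 means little-endian integers.
    order = "<" if (pdu[4] & 0xF0) == 0x10 else ">"
    frag_len, auth_len = struct.unpack_from(order + "HH", pdu, 8)
    if frag_len > len(pdu):
        raise ValueError("truncated fragment")
    info = {"ptype": PTYPES.get(pdu[2], str(pdu[2])),
            "auth_level": "none", "sealed": False}
    if auth_len == 0:
        return info  # no auth verifier: stub data is sent unprotected
    # The 8-byte auth trailer sits just before the auth_len-byte token.
    trailer = frag_len - auth_len - 8
    if trailer < 16:
        raise ValueError("auth_length inconsistent with frag_length")
    level = pdu[trailer + 1]  # trailer[0] is auth_type, trailer[1] auth_level
    info["auth_level"] = AUTH_LEVELS.get(level, str(level))
    info["sealed"] = level == 6
    return info


def build_request(auth_level, stub=b"\x00" * 8, token=b"\xAA" * 16):
    """Constructed sample request PDU (not captured traffic)."""
    body = struct.pack("<IHH", len(stub), 0, 0) + stub  # alloc_hint, ctx, opnum
    auth = b""
    if auth_level is not None:
        # auth_type 10, auth_level, pad length, reserved, context id, token
        auth = bytes([10, auth_level, 0, 0]) + b"\x00" * 4 + token
    frag_len = 16 + len(body) + len(auth)
    hdr = struct.pack("<BBBB4sHHI", 5, 0, 0, 0x03, b"\x10\x00\x00\x00",
                      frag_len, len(token) if auth else 0, 1)
    return hdr + body + auth


if __name__ == "__main__":
    for lvl in (6, 5, None):
        print(pdu_protection(build_request(lvl)))
```
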








