jra at samba.org
Mon Apr 19 09:13:58 MDT 2010
On Mon, Apr 19, 2010 at 09:57:53AM -0400, Andrew Malton wrote:
> Thanks for helpful comments and suggestions.
> In our situation we can't use smbclient -e because the data sources
> are not Samba/Linux, they're running various versions of Windows.
> But also, what we're doing is not file access but event log access.
> We aren't using CIFS but calling into ndr subroutines. As I said,
> we are using Samba code, not just being Samba users.
> The behaviour is this. When connecting and retrieving event logs
> (using dcerpc_eventlog_ReadEventLogW and friends) the traffic is
> encrypted when talking to e.g. Windows 2000 (I think actually
> anything before Win2003 SP 2) but unencrypted when talking e.g. to
> Server 2008. We are, of course, never talking to Samba servers as
> Authorization seems to be encrypted in both cases, that isn't the issue.
This is RPC encryption, not SMB transport encryption. This can
be negotiated on the traffic being carried within the SMB
More information about the samba