[Samba] Samba4 security issues

Nico Kadel-Garcia nkadel at gmail.com
Mon Dec 2 05:57:27 MST 2013


On Mon, Dec 2, 2013 at 2:56 AM,  <me at electronico.nc> wrote:
> Hi all,
> Could someone explain this sentence on the Samba Wiki (
> https://wiki.samba.org/index.php/Samba4/HOWTO/Virtual_Private_Network ) :
> "Please note that the Domain Controller (Samba4) can also be configured on the
> Firewall itself, but this is strongly not recommended due to security
> issues."
> Are these security issues still there when Samba is listening only on LAN
> port ( https://wiki.samba.org/index.php/Samba_port_usage ) like :
> bind interfaces only = yes
> interfaces = lo eth0
> Of course server is well firewalled and remote users are connecting through
> VPN.
> Thanks in advance for your time.
> Nicolas

This is basic layered security protocol: by segregating critical,
likely-to-be-attacked components, an exploit or access to one does not
automatically expose the other. Since the Samba server handles
authentication and DNS, someone who cracks or is given needed
configuration access to the firewall itself should not have access to
the other critical services automatically.

