[Samba] File encryption

d.carrasco at ttu.es d.carrasco at ttu.es
Sun Nov 23 01:13:54 MST 2014


El 2014-11-23 00:47, Nico Kadel-Garcia escribió:
> On Sat, Nov 22, 2014 at 2:05 PM, David Bear <dwbear75 at gmail.com> wrote:
>> this would be an interesting 'feature' -- the question is what would 
>> the
>> encryption key be -- who who hold it, and how would you prevent a 
>> drag'n
>> dropping of the file out of the file server to the users desktop ?
> 
> 
>> On Fri, Nov 21, 2014 at 5:48 AM, Daniel Carrasco Marín 
>> <d.carrasco at ttu.es>
>> wrote:
>> 
>>> Hi,
>>> 
>>> Is there any way to encrypt a file to avoid it usage outside of a 
>>> domain?.
>>> I've a Samba domain, with some Windows computers connected to that 
>>> domain
>>> and i want to know if something like that exist.
>>> 
>>> Greetings!!
> 
> I don't see anything like that right now. It sounds like a *lot* of
> pain to integrate with a stable, mission critical toolkit that's woven
> into system operating systems and is exceptionally unlikely to ever be
> excepted into the Windows kernels to work well with Samba.
> 
> You can achieve *most* of this by using a Kerberos sensitive file
> sharing system, such as NFSv4 on Linux/UNIX hosts and CIFS group
> enabled access on the Windows clients. It takes work to integrate
> those, but it can certainly work with NetApp based servers.
> 
> And there is no defense in this approach to drag'n-drop, David is
> quite right. But it's a reasonable place to work from.

Hi, that's truth ;)

I forgot to say that is only curiosity ;)

I was talking about something like windows option (right click 
properties -> Advanced -> encrypt content...), but i'm not really sure 
if that really works :P
Something like: if a user copy a file from server allow it usage in 
every PC where he's logged (or anyone with permissions in that file), 
but disallow to user reasd that file without be logged (in home for 
exampled). Really it's a lot of work implement something like that and 
sure that you need to install 3rd party software on clients to allow 
windows to read permissions from file in AD, and get decryption key.

Thanks all!!


More information about the samba mailing list