[Samba] Are the connections between Domain Controlers encrypted?
Daniel Carrasco Marín
danielmadrid19 at gmail.com
Fri Jul 10 22:06:32 UTC 2015
2015-07-10 22:35 GMT+02:00 Andrew Bartlett <abartlet at samba.org>:
> On Wed, 2015-07-01 at 14:54 +0200, Daniel Carrasco Marín wrote:
> > Hi,
> > Just that is my question: Are the connection between DC encripted?.
> > I'm planning to create a secondary DC on a external dedicated server and
> > want to know if the connections are secure, because is not a good idea to
> > have authentication data traveling through internet without any kind of
> > encription...
> > My main DC have ldap through ssl activated and working fine, but i don't
> > know if that cares or i've to change anything to allow to secondary DC to
> > use secure connections too.
> > Another question: I've to consider anything, for example connection
> > (besides the sysvol syncronization of course).
> They should be done over a VPN, as while parts are encrypted, Samba
> isn't recommended to be exposed to the public internet (just too many
> protocols, too large an attack surface).
> Andrew Bartlett
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT
Thanks for your reply.
I'm planing to create the samba4 secondary DC on an external dedicated
server but on a virtual machine hidden from external traffic.
I want this because i've some services on that server authenticated with
the DC, and if internet connection is lost then that services will stop
I'll see how to create the new VPN network.
More information about the samba