[Samba] Samba Share - security considerations

Edouard Guigné eguigne at pasteur-cayenne.fr
Fri May 4 15:12:55 UTC 2018

Dear Samba Users,

I configured a samba share on a linux centos 7 server as server member 
of an Active Directory Domain.

I used posix extended unix attributes in AD for permissions on the Samba 
Winbind and SSSD are also installed for the mapping of unix attibutes.

My question is more about security.
The linux server is using kerberos to dial with AD server (SSSD + Krb 
pam etc.).
I supposed that communication between Samba linux server and AD server 
is secure.

What about the communication between a Windows client and the Samba Server ?
The Windows clients are part of AD domain. When a user logs in a Windows 
client, how does the authentication works against the Samba linux server ?
Does a Windows client send login/passwd to the Samba Server to mount the 
share ?
If yes, is the communication between Windows client and server encrypted 
and secure ? Quid of Kerberos ?
Can we force the choice of cyphers somewhere ?

Best Regards,


More information about the samba mailing list