[Samba] Samba Share - security considerations
Edouard Guigné
eguigne at pasteur-cayenne.fr
Fri May 4 15:12:55 UTC 2018
Dear Samba Users,
I configured a samba share on a linux centos 7 server as server member
of an Active Directory Domain.
I used posix extended unix attributes in AD for permissions on the Samba
share.
Winbind and SSSD are also installed for the mapping of unix attibutes.
My question is more about security.
The linux server is using kerberos to dial with AD server (SSSD + Krb
pam etc.).
I supposed that communication between Samba linux server and AD server
is secure.
What about the communication between a Windows client and the Samba Server ?
The Windows clients are part of AD domain. When a user logs in a Windows
client, how does the authentication works against the Samba linux server ?
Does a Windows client send login/passwd to the Samba Server to mount the
share ?
If yes, is the communication between Windows client and server encrypted
and secure ? Quid of Kerberos ?
Can we force the choice of cyphers somewhere ?
Best Regards,
Ed
More information about the samba
mailing list