Web lists-archives.com

[Samba] how safe is "net use" in a batch file? plus some encryption questions





A customer asked me if someone would be able to sniff (wireshark or something like that) a password if plugging into the same switch as their samba server.

They use a desktop icon pointing at a plain old bat-file containing a "net use" command with the password right in there.

I *assume* that the "net use" authenticates via encrypted communication? could someone confirm that?

-

Unfortunately we can't use domain context there because of the special structure there: the thin clients are members in a AD domain separate from our protected standalone samba server (and these worlds have to be kept separated).

*and* I have to keep NTLMv1 etc activated to support old Windows XP VMs ... as far as I remember there are ways to activate safer protocols for XP as well, correct? (they insist on XP because of a specific software ...)

-

They also ask for encryption. I think I could encrypt the underlying layer via encfs or something, but that means that somebody has to provide a passphrase at boot/mount-time. I want to avoid a single-person-of-failure-scenario here: even if I am not available they have to be able to get that server up and running again in case of some reboot or so.

Is it recommended to just place a container like Truecrypt or Veracrypt inside a Samba-share? Any thoughts or recommendations here, best practices ... ?

have a nice weekend,
Stefan

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba