Web lists-archives.com

[Samba] Samba Share - security considerations




Dear Samba Users,

I configured a samba share on a linux centos 7 server as server member of an Active Directory Domain.

I used posix extended unix attributes in AD for permissions on the Samba share.
Winbind and SSSD are also installed for the mapping of unix attibutes.

My question is more about security.
The linux server is using kerberos to dial with AD server (SSSD + Krb pam etc.). I supposed that communication between Samba linux server and AD server is secure.

What about the communication between a Windows client and the Samba Server ?
The Windows clients are part of AD domain. When a user logs in a Windows client, how does the authentication works against the Samba linux server ? Does a Windows client send login/passwd to the Samba Server to mount the share ? If yes, is the communication between Windows client and server encrypted and secure ? Quid of Kerberos ?
Can we force the choice of cyphers somewhere ?

Best Regards,

Ed


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba