Re: [Samba] Samba Share - security considerations
- Date: Fri, 4 May 2018 16:55:18 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Samba Share - security considerations
On Fri, 4 May 2018 12:12:55 -0300
Edouard Guigné via samba <samba@xxxxxxxxxxxxxxx> wrote:
> Dear Samba Users,
> I configured a Samba share on a Linux CentOS 7 server as server
> member of an Active Directory Domain.
> I used posix extended unix attributes in AD for permissions on the
> Samba share.
> Winbind and SSSD are also installed for the mapping of unix attributes.
Why? You only need one of them, and depending on what comes after files (or
compat) on the 'passwd' line in /etc/nsswitch.conf, that is the one
that will be used.
> My question is more about security.
> The Linux server is using Kerberos to dial with AD server (SSSD + Krb
> pam etc.).
> I supposed that communication between Samba Linux server and AD
> server is secure.
> What about the communication between a Windows client and the Samba
> Server? The Windows clients are part of AD domain. When a user logs
> in a Windows client, how does the authentication work against the
> Samba Linux server? Does a Windows client send login/passwd to the
> Samba Server to mount the share?
> If yes, is the communication between Windows client and server
> encrypted and secure? What about Kerberos?
If you are using 'winbind', then, yes, it will be secure, no idea about
SSSD, it has nothing to do with Samba, you could try asking on the
> Can we force the choice of cyphers somewhere?
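Added example, not part of the original thread or of Samba's own tooling: a shell check for the point made in the reply that, when both winbind and SSSD are installed, the one listed first after files (or compat) on the 'passwd' line of /etc/nsswitch.conf is the one used. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: which AD identity source does NSS consult first for passwd?

# Print the sources on the 'passwd' line of an nsswitch.conf-style file, one
# per line, in lookup order. Comments and [STATUS=action] items are dropped.
passwd_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*]//g' "$1" |
    awk -F: '$1 ~ /^[ \t]*passwd[ \t]*$/ {
        n = split($2, src, /[ \t]+/)
        for (i = 1; i <= n; i++) if (src[i] != "") print src[i]
        exit
    }'
}

# Print the first of winbind/sss in lookup order, or "none" if neither is listed.
first_ad_provider() {
    for src in $(passwd_sources "$1"); do
        case "$src" in
            winbind|sss) echo "$src"; return 0 ;;
        esac
    done
    echo none
}

# Succeed only when both winbind and sss appear on the passwd line.
both_listed() {
    s=$(passwd_sources "$1")
    echo "$s" | grep -qx winbind && echo "$s" | grep -qx sss
}

# Constructed sample file (not from the thread): both providers are listed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwd:     files sss [NOTFOUND=continue] winbind   # constructed sample
group:      files winbind
EOF
echo "first AD provider for passwd: $(first_ad_provider "$sample")"
if both_listed "$sample"; then
    echo "both winbind and sss are listed; only one is needed"
fi
rm -f "$sample"
```

On the server itself, call `first_ad_provider /etc/nsswitch.conf` instead of using the sample file.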