Daniel Carrasco Marín
2015-Jul-01 12:54 UTC
[Samba] Are the connections between Domain Controlers encrypted?
Hi,

Just that is my question: Are the connections between DCs encrypted?

I'm planning to create a secondary DC on an external dedicated server and I want to know if the connections are secure, because it is not a good idea to have authentication data traveling through the internet without any kind of encryption...

My main DC has LDAP through SSL activated and working fine, but I don't know if that matters or if I have to change anything to allow the secondary DC to use secure connections too.

Another question: Do I have to consider anything, for example connection speed (besides the sysvol synchronization, of course)?

Thanks!!

Andrew Bartlett
2015-Jul-10 20:35 UTC
[Samba] Are the connections between Domain Controlers encrypted?
On Wed, 2015-07-01 at 14:54 +0200, Daniel Carrasco Marín wrote:
> Hi,
>
> Just that is my question: Are the connections between DCs encrypted?
>
> I'm planning to create a secondary DC on an external dedicated server and I
> want to know if the connections are secure, because it is not a good idea to
> have authentication data traveling through the internet without any kind of
> encryption...
>
> My main DC has LDAP through SSL activated and working fine, but I don't
> know if that matters or if I have to change anything to allow the secondary DC to
> use secure connections too.
>
> Another question: Do I have to consider anything, for example connection speed
> (besides the sysvol synchronization, of course)?

They should be done over a VPN, as while parts are encrypted, Samba isn't recommended to be exposed to the public internet (just too many protocols, too large an attack surface).

Thanks,

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba

Daniel Carrasco Marín
2015-Jul-10 22:06 UTC
[Samba] Are the connections between Domain Controlers encrypted?
2015-07-10 22:35 GMT+02:00 Andrew Bartlett <abartlet at samba.org>:
> On Wed, 2015-07-01 at 14:54 +0200, Daniel Carrasco Marín wrote:
> > Hi,
> >
> > Just that is my question: Are the connections between DCs encrypted?
> >
> > I'm planning to create a secondary DC on an external dedicated server and I
> > want to know if the connections are secure, because it is not a good idea to
> > have authentication data traveling through the internet without any kind of
> > encryption...
> >
> > My main DC has LDAP through SSL activated and working fine, but I don't
> > know if that matters or if I have to change anything to allow the secondary DC to
> > use secure connections too.
> >
> > Another question: Do I have to consider anything, for example connection speed
> > (besides the sysvol synchronization, of course)?
>
> They should be done over a VPN, as while parts are encrypted, Samba
> isn't recommended to be exposed to the public internet (just too many
> protocols, too large an attack surface).
>
> Thanks,
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT
> http://catalyst.net.nz/services/samba

Thanks for your reply.

I'm planning to create the Samba4 secondary DC on an external dedicated server but on a virtual machine hidden from external traffic. I want this because I have some services on that server authenticated with the DC, and if the internet connection is lost then those services will stop working.

I'll see how to create the new VPN network.

Greetings!!