Hi, I've been given the task of making class accounts from solaris and linux servers available to windows workstations via mapped network drives. Sounds just like the job for samba, I know. However, I'm very, *very* anxious about security; I need to ensure that both passwords and the data transferred between server and client are secure (i.e. not plaintext, but then again not military strength encryption) What is the 'best' way to securely map network drives from windows to unix? Is the standard samba data transfer mechanism secure? I need to reduce the burden on the workstation setup as much as possible - things need to be as easy as possible for the students, poor things ;-) Thanks! /* * Anthony Clark * e-Lab Systems Administrator * University of Michigan Business School * 701 Tappan Street, Rm A2120 * Ann Arbor, Michigan 48109-1234 * Tel: (734) 764 2295 * Cel: (734) 262 0933 (out of hours emergencies) * Fax: (734) 763 4032 * aclrk@umich.edu */
Hi Anthony, Read the smb.conf man page and look at the encrypt passwords = yes option. Also, you can compile SSL-enabled Samba with the --with-ssl option at ./configure time. There is more info about this in the smb.conf man page and the Docs that come with the Samba source distribution. I have not actually tried SSL-enabled Samba, but I do send encrypted passwords across the wire. Cheers, Jason On Wednesday 01 May 2002 10:18 am, Clark, Anthony wrote:> Hi, > > I've been given the task of making class accounts from solaris and linux > servers available to windows workstations via mapped network drives. > Sounds just like the job for samba, I know. However, I'm very, *very* > anxious about security; I need to ensure that both passwords and the data > transferred between server and client are secure (i.e. not plaintext, but > then again not military strength encryption) > > What is the 'best' way to securely map network drives from windows to unix? > Is the standard samba data transfer mechanism secure? I need to reduce > the burden on the workstation setup as much as possible - things need to be > as easy as possible for the students, poor things ;-) > > Thanks! > > /* > * Anthony Clark > * e-Lab Systems Administrator > * University of Michigan Business School > * 701 Tappan Street, Rm A2120 > * Ann Arbor, Michigan 48109-1234 > * Tel: (734) 764 2295 > * Cel: (734) 262 0933 (out of hours emergencies) > * Fax: (734) 763 4032 > * aclrk@umich.edu > */--
On Wed, May 01, 2002 at 12:22:53PM -0400, Jason Stewart wrote:> Hi Anthony, > > Read the smb.conf man page and look at the encrypt passwords = yes option. > Also, you can compile SSL-enabled Samba with the --with-ssl option at > ./configure time. There is more info about this in the smb.conf man page and > the Docs that come with the Samba source distribution. I have not actually > tried SSL-enabled Samba, but I do send encrypted passwords across the wire.No windows client will connnect to an SSL-enabled samba server, unless you use some form of client-side proxy. As such --with-ssl is useless with Windows clients. We may well remove this option entirely, as it is much better implemented by use of stunnel and inetd. (The code for this is *really* ugly) Andrew Bartlett