On Sat, Apr 17, 2010 at 6:24 AM, Andrew Malton
<andrew.malton at esentire.com> wrote:> I want to (continue to) use Samba code to obtain data needed by my Linux
> client. ?This is currently done by calls into Samba's libraries.
> ?Unfortunately the resulting rpc traffic is unencrypted. ?I think this has
> to do with the configuration of encryption mechanisms on both sides, but
> perhaps (since when talking to older Windows systems, e.g. Windows 2000)
> encryption (with NTLM SSP I suppose) is used.
>
> Does Samba always use encryption ?when it can? ?or are there mechanisms
that
> Windows can now insist on that Samba cannot use?
>
> If the latter, is improved support for protocol encryption a future plan
for
> Samba development?
>
> Thanks for any help (in the form of pointers to documentation if there are
> things I've missed).
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: ?https://lists.samba.org/mailman/options/samba
>
Are you talking about calling mount -t cifs //samba/share /mnt/win ?
Are you talking about kerberos user login?
Linux kerberos can talk any of the encryption protocols, including
aes256. Fact is, WinXP cannot do AES for this, but it can talk the
less secure RC4.
At a win2000 domain level, you can talk RC4 or DES which was broken in
1998 by the EFF. A win2000 domain will offer DES as a kerberos option
but will tell winclients via Group Policy Objects to never user DES.
http://blogs.msdn.com/alextch/archive/tags/AD+Interop/default.aspx
Watch this video.
http://blogs.msdn.com/alextch/archive/2006/07/18/MITtoADRC4.aspx
Samba