On Mon, Dec 2, 2013 at 2:56 AM, <me at electronico.nc> wrote:
> Hi all,
> Could someone explain this sentence on the Samba Wiki (
> https://wiki.samba.org/index.php/Samba4/HOWTO/Virtual_Private_Network ) :
> "Please note that the Domain Controller (Samba4) can also be configured on the
> Firewall itself, but this is strongly not recommended due to security
> issues."
> Are these security issues still there when Samba is listening only on LAN
> port ( https://wiki.samba.org/index.php/Samba_port_usage ) like :
> bind interfaces only = yes
> interfaces = lo eth0
> Of course the server is well firewalled and remote users are connecting through
> VPN.
> Thanks in advance for your time.
> Nicolas
This is basic layered security protocol: by segregating critical,
likely to be attacked components, an exploit or access to one does not
automatically expose the other. Since the Samba server handles
authentication and DNS, someone who cracks or is given needed
configuration access to the firewall itself should not have access to
the other critical services automatically.