Jump to content
tanknet.org

Samba Authentication?


Recommended Posts

I am thinking about finally getting around to building a home backup server. So many questions. Since my client systems will be a mix of Windows and Linux (and possibly ESXi is/when I get around to building a lab server), and desktop and laptop will be dialoguing with the backup server via Wi-Fi, the authentication and network encryption thing is bugging me.

 

SMB3 and sshfs seem to have sufficient security, and I have read that Samba performing SMB3 has better throughput.

 

But I can't seem to find the handle on authentication. AFAICT, a Windows machine accessing a Samba server is going to do the NTLM thing, which is heartburn city even for NTLMv2.

 

What can be done to improve security for Windows clients? I ain't gonna run AD on my home network, so Kerberos is right out.

 

Linux appears to use smbclient to access a Samba server, with username/password being sent encrypted (hopefully!) by SMB3, and compared against the Samba user database. That doesn't bother me as much, assuming SMB3 is decently implemented.

Link to post
Share on other sites

I think you have a good handle on the issues. If there is a better alternative for Windows authentication, I've not heard of it.

One point to consider: If your Windows users install any third-party binaries or browse websites with javascript enabled, they are far more likely to become compromised via those vectors. I wouldn't worry too much about the security of your Samba setup. Once their desktops are compromised, so are (potentially) their fileserver accounts.

Edited by TTK Ciar
Link to post
Share on other sites

One point to consider: If your Windows users install any third-party binaries or browse websites with javascript enabled, they are far more likely to become compromised via those vectors. I wouldn't worry too much about the security of your Samba setup. Once their desktops are compromised, so are (potentially) their fileserver accounts.

 

Good point, I am just being anal. It just irks me that MS hasn't tightened up network authentication for workgroups.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...