Jump to content

Samba Authentication?

Ivanhoe

By Ivanhoe
in Broken Computers

 Share

Recommended Posts

Ivanhoe Hierophant Lord

Ivanhoe

Posted
Posted

I am thinking about finally getting around to building a home backup server. So many questions. Since my client systems will be a mix of Windows and Linux (and possibly ESXi is/when I get around to building a lab server), and desktop and laptop will be dialoguing with the backup server via Wi-Fi, the authentication and network encryption thing is bugging me.

 

SMB3 and sshfs seem to have sufficient security, and I have read that Samba performing SMB3 has better throughput.

 

But I can't seem to find the handle on authentication. AFAICT, a Windows machine accessing a Samba server is going to do the NTLM thing, which is heartburn city even for NTLMv2.

 

What can be done to improve security for Windows clients? I ain't gonna run AD on my home network, so Kerberos is right out.

 

Linux appears to use smbclient to access a Samba server, with username/password being sent encrypted (hopefully!) by SMB3, and compared against the Samba user database. That doesn't bother me as much, assuming SMB3 is decently implemented.

Link to comment
Share on other sites
TTK Ciar Crew

TTK Ciar

Posted
Posted (edited)

I think you have a good handle on the issues. If there is a better alternative for Windows authentication, I've not heard of it.

One point to consider: If your Windows users install any third-party binaries or browse websites with javascript enabled, they are far more likely to become compromised via those vectors. I wouldn't worry too much about the security of your Samba setup. Once their desktops are compromised, so are (potentially) their fileserver accounts.

Edited by TTK Ciar
Link to comment
Share on other sites
Ivanhoe Hierophant Lord

Ivanhoe

Posted
  • Author
Posted

One point to consider: If your Windows users install any third-party binaries or browse websites with javascript enabled, they are far more likely to become compromised via those vectors. I wouldn't worry too much about the security of your Samba setup. Once their desktops are compromised, so are (potentially) their fileserver accounts.

 

Good point, I am just being anal. It just irks me that MS hasn't tightened up network authentication for workgroups.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...