Uhm, windows does not support ssl tunneled CIFS. Currently there are only two things that support it. See samba-2.0.7/docs/textdocs/SSLeay.txt. If you can show me documents that explain how to connect a windows computer to a samba server with ssl enabled fine, until then samba's documentation says: <start> Which clients are available that support SSL? ============================================= Currently there are only smbclient which is part of the samba package and Sharity. Sharity versions newer than 0.14 in the beta branch and 1.01 in the main branch can be compiled with SSLeay. Sharity is a CIFS/SMB client implementation for Unix. It is a commercial product, but it is available in source code and the demo-mode allows access to the first three layers of the mounted directory hierarchy. Licenses for universities and students are free. Sharity is available at </start> Documentation is a good thing, but only if you read it. -miah On Mon, Oct 23, 2000 at 12:00:51PM -0600, Kurt Seifried wrote:
the probelm is that the password is still trasmitted over the network in clear text thus anyone running a sniffer on the network may be able to get your passwords. Ideally if you can have a linux box on his end as well and then do a VPN using swan you can be sure your communications are not being tapped. Otherwise for me I use a web based interface for users who want to upload their pages using mod_dav and webrfm and of course I use ssl for it.
Here we go merrily smoking crack again~
SMB can use encrypted passwords.
[seifried@stench seifried]$ grep pass /etc/samba/smb.conf encrypt passwords = Yes password server = 10.3.0.20
You can also SSL wrap all SMB communications (yes, windows supports it). From man smb.conf:
o ssl o ssl CA certDir o ssl CA certFile o ssl ciphers o ssl client cert o ssl client key o ssl compatibility o ssl hosts o ssl hosts resign o ssl require clientcert o ssl require servercert o ssl server cert o ssl server key o ssl version
Kurt Seifried - seifried@securityportal.com SecurityPortal, your focal point for security on the net http://www.securityportal.com/
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com