Learn how to take six important steps that will greatly increase the security of your Samba server. Security is a balance between allowing the right people easy access to a resource and preventing unwanted interlopers from getting their hands on information you don’t want them to have. Samba has a long list of configuration options that allow you to fine-tune security to exactly what you need. Here are some of the important options which you can use to make Samba available to valid users and nearly impervious to everyone else.

A user name and password pair is still one of the best ways to authenticate a user, that is, as long as the password remains safe. This can be a difficult task with the proliferation of network monitoring tools that are both easy to get and easy to use. Sniffing a password off the wire has become a relatively trivial task.

Limiting password transmission on the network

Although transparent to the user, there are several ways in which Windows will transmit and receive a password. Up until Windows 2000 Service Pack 3, clear text was one of those options. Basically, the username and password were packaged and transmitted without protection across the network.

The first step is to set the Encrypted Passwords global option to Yes. This will cause Samba never to use clear-text passwords. However, Samba will, by default, start using an older LAN Manager format for hashed passwords. It’s not clear text, but the hash is sufficiently easy to crack via brute force that it’s not recommended. To turn off LAN Manager passwords, you can add the global option Lanman Auth and set it to No. This will break any non-Windows NT/2000/XP clients and servers since these are the only clients capable of communicating with NT’s authentication. The NT authentication is substantially more difficult to break than a LAN Manager password hash. In fact, there are two versions of NT authentication, but either is sufficiently secure for today’s processing capacities.

Once you know that the passwords are securely transmitted, you can move on to policy issues. Samba is flexible enough to allow you to use the local UNIX server, a stand-alone Windows server, a Windows 2000 domain, or an LDAP server to tell it which clients should and should not be allowed to connect to the server. Whichever option you choose, your Samba server will only be as secure as the system you’re using to authenticate users.
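One way to check an smb.conf for the two password settings described above, as an added example that is not part of the original article. It assumes the options are written in the file as `encrypt passwords` and `lanman auth`; the sample configurations are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample configurations, not taken from the article.
WEAK_CONF = """[global]
   Encrypt Passwords = no
   ; lanman auth = no
[share]
   lanman auth = no
"""
HARDENED_CONF = """[global]
   encrypt passwords = yes
   lanman auth = No
"""

TRUE_WORDS = {"yes", "true", "on", "1"}
FALSE_WORDS = {"no", "false", "off", "0"}
# The two global options the article sets, with the value it recommends.
REQUIRED = {"encryptpasswords": True, "lanmanauth": False}

def parse_global(text):
    """Return {normalised parameter name: value} for the [global] section only."""
    section, params = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank lines and comments have no effect
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # smb.conf ignores case and whitespace inside parameter names.
            params[re.sub(r"\s+", "", name).lower()] = value.strip().lower()
    return params

def audit(text):
    """Return findings in REQUIRED order; an empty list means both options are set as advised."""
    params = parse_global(text)
    findings = []
    for name, wanted in REQUIRED.items():
        value = params.get(name)
        if value is None:
            findings.append(f"{name}: not set explicitly, version default applies")
        elif value not in TRUE_WORDS | FALSE_WORDS:
            findings.append(f"{name}: unrecognised value {value!r}")
        elif (value in TRUE_WORDS) != wanted:
            findings.append(f"{name}: set to {value}, expected {'yes' if wanted else 'no'}")
    return findings
```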