Security Basics mailing list archives
Re: Samba
From: "Edward Monteiro" <monteiro_edward () hotmail com>
Date: Fri, 28 Nov 2003 12:21:23 -0300
Jack, Go to http://us1.samba.org/samba/docs/Samba-HOWTO-Collection.pdf , page 39 , and see Server Types and security modes. Edward monteiro_edward () hotmail com Brasil este é o lugar. ----- Original Message ----- From: "Depp, Dennis M." <deppdm () ornl gov> To: "Jack Solomon" <solzjack43 () hotmail com>; <security-basics () securityfocus com> Sent: Thursday, November 27, 2003 5:06 PM Subject: RE: Samba Not sure as I don't consider SAMBA to have a lot of security concerns. I would also look at who has security concerns with SAMBA. If it is a Windows Admin, I would be skeptical. If it is a Unix admin I would listen more closely. Keep in mind the older versions only support NTLMv2 and if it is not configured properly, it could use NTLM. I'm not sure if the new versions are setup to use Kerberos or not. I'm also not sure if the SAMBA server updates its password when used with a Windows domain or not. SAMBA is probably more secure than many of the NAS devices that are currently available, particularly the ones running a proprietary OS. Denny -----Original Message----- From: Jack Solomon [mailto:solzjack43 () hotmail com] Sent: Thursday, November 27, 2003 10:17 AM To: security-basics () securityfocus com Subject: Samba what are the security concerns over Samba? Someone told me that its a real bad idea security-wise but noone can tell me why... Jack _________________________________________________________________ Use MSN Messenger to send music and pics to your friends http://www.msn.co.uk/messenger ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------