Securing samba?

Charles Swiger cswiger at mac.com
Tue Sep 13 15:40:57 PDT 2005


On Sep 13, 2005, at 6:15 PM, Joachim Dagerot wrote:
> However, due to some windows clients in the network we are forced  
> to run samba. Are there any known security problems with that?

Windows networking does not have a great track record in terms of  
security, and Samba has had about a dozen security bugs over the past  
four years:

http://us1.samba.org/samba/history/security.html

This record is pretty decent considering the range of protocols they  
are dealing with, don't get me wrong, but I would not rely on the  
version of Samba available today being completely secure, either.

> Is there a way to tunnel the file traffic over SSH without any  
> trouble for the users?

Not short of setting up a full VPN, no.

> (It's ok to install keys etc on their machine, but they must only  
> be forced to login with the windows password).
>
> I guess my question are two:
>
> 1. Is samba safe enough to run on the LAN side of a machine that  
> are available from the internet only on port 22 and only for users  
> with a RSA key?

Samba is fine if restricted to a LAN with a firewall blocking the  
Windows ports like 135-139 TCP and UDP, 445, etc.

> 2. Is there a better file sharing system that works good for the  
> windows users than samba?

Not really.  You can set up PCNFS on the Windows boxes, but that  
doesn't work as well as Samba does...

-- 
-Chuck



More information about the freebsd-questions mailing list