Securing samba?
Charles Swiger
cswiger at mac.com
Tue Sep 13 15:40:57 PDT 2005
On Sep 13, 2005, at 6:15 PM, Joachim Dagerot wrote:
> However, due to some windows clients in the network we are forced
> to run samba. Are there any known security problems with that?
Windows networking does not have a great track record in terms of
security, and Samba has had about a dozen security bugs over the past
four years:
http://us1.samba.org/samba/history/security.html
This record is pretty decent considering the range of protocols they
are dealing with, don't get me wrong, but I would not rely on the
version of Samba available today being completely secure, either.
> Is there a way to tunnel the file traffic over SSH without any
> trouble for the users?
Not short of setting up a full VPN, no.
> (It's ok to install keys etc on their machine, but they must only
> be forced to login with the windows password).
>
> I guess my question are two:
>
> 1. Is samba safe enough to run on the LAN side of a machine that
> are available from the internet only on port 22 and only for users
> with a RSA key?
Samba is fine if restricted to a LAN with a firewall blocking the
Windows ports like 135-139 TCP and UDP, 445, etc.
> 2. Is there a better file sharing system that works good for the
> windows users than samba?
Not really. You can set up PCNFS on the Windows boxes, but that
doesn't work as well as Samba does...
--
-Chuck
More information about the freebsd-questions
mailing list