[CDBUG-talk] samba encryption

Steve Moon steve.moon at gmail.com
Tue Mar 1 22:40:40 EST 2005


> >
> >
> VPN   / IPSec?
> 

Well, that's just it. Looks like if I have windows 200X servers and
Windows XP (maybe 2000) clients, I can enforce an IPSec-only
communication, and specify that either or both of AH (header) and ESP
(payload) encryption/signatures are used.

This seems unlikely to interoperate with BSD/Linux/etc. hosts running
Samba, which since that's where our file sharing is mostly done from
constitutes half of the connection.

I know RPI has hacked together a working kerberos setup on BSD that
interoperates with windows AD. Just wondering if anyone knows if there
is a way for BSD/Linux/etc. to interoperate with Microsoft IPSec-only
connections.

Certain elements within my company think that everything should be
encrypted over the wire, which can be done for a lot of things -- SSL
for web, SSH for telnet, SCP/SFTP for FTP, etc. Windows file sharing
doesn't seem to be one of these things, short of trusting (!) the
microsoft IPSec thing -- I'm not even at the point of testing it and
looking at the traffic with tcpdump to see if it's really encrypting
at all. Assuming it does, then I'm faced with the spectre of trowing
out my non-microsoft infrastructure.

Any help/thoughts appreciated.
Thanks-
Steve-
 

> AFAIK that would be the only way to do it,  besides manual
> ecpryption/decryption, but since I don't do all that much with SMB there
> is a chance I acould be wrong :)  I am assuming you are using a variant
> of Windows based on Drive Paths  You could build an IPSec tunnel betweek
> the 2 machines, or are you looking for a a network wide way (IE copying
> between 2 arbritrary machines)?
> 
> -Patrick
> 
>



More information about the CDBUG-talk mailing list