Network Security Focus-Linux

Re: Samba vs NFS

Subject: Re: Samba vs NFS
Date: Tue, 22 Feb 2005 13:24:24 -0500
Greetings All,

I stand corrected, Samba 3 can join a Windows AD domain as a member server, but only with the AD in mixed mode.

See below for more details.

http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html#id2538831
http://www.enterpriseitplanet.com/networking/features/article.php/11315_2246911_2
http://www.phptr.com/articles/article.asp?p=169560&seqNum=3

That being said, I have seen and used Samba 3 to be able to serve as the authorization/authentication host for small Windows 2000/XP networks and it works very well. Note I said "small" (10-50 machines) where the network is fairly straight-forward (engineering development for example). My implementations may not have been the best either, as my understanding of exactly how AD works is not perfect.

This application may not be what the poster needs however, and I appreciate the correction.

RandyW

Michael Bartosh (local Account) wrote:


On Feb 22, 2005, at 7:13 AM, Randy Williams wrote:

Since Samba 3.0 came out, Samba has been able to imitate a Full Windows 2000 Active Directory domain and is quite powerful.


Nope, this is a focus of Samba 4 / TNG / Whatever.. Samba 3 can only participate in an AD Domain, supporting kerberized authentication.

As long as you're using Kerberos (assuming a strong enc type; the default iirc is ArcFour for AD, which should be fine) or even NTLMv2 (corresponding to an lm security setting of 5 on the AD side) you should be relatively secure on the authentication front. Encrypted transport is another matter.

There's really no good, easily supportable way to do this without a real VPN. Unless your users are relatively sophisticated, ssh tunneling is very cumbersome to support... no UDP support (oops, NFS is mostly out) unless you do ppp over the ssh tunnel, which is an order of magnitude more complicated.

__
Michael Bartosh
Essential Mac OS X Server Administration
O'Reilly, forthcoming
http://www.pantherserver.org/buy



