Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Samba without insecurity?' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Samba without insecurity?
Authored by: TheSpoonman on Mar 08, '05 12:59:46PM

Considering this turns off some significant security stuff, has anyone tried upgrading the version of Samba that comes with OSX? Does anyone know if such an in-place upgrade has been attempted? Samba can now handle being a member of an AD, with AD kerberos tickets, SMB signing (required in 2003) and encrypted passwords. I realize most people aren't going to require these things at home, but in a corporate environment, turning off security to accomodate down-level clients is never a good idea.

---
Answering the age-old question: which is more painful, going to work or gouging your eye out with a spoon?
www.workorspoon.com



[ Reply to This | # ]
Samba without insecurity?
Authored by: extra88 on Mar 08, '05 01:55:13PM

Samba in OS X 10.3 is currently version 3.0.5 which should be new enough to support all these features. However in my opinion most people can be satisfied with NTLMv2 only and don't need to figure out SMB signing (which this tip is about). I don't think Win98 or NT support SMB signing so OS X clients are not alone. My guess is use of Kerberos requires somehow joining Mac clients to the AD domain.

FYI, OS X 10.2 has Samba 2.2.3a (plus patches). I'm not certain but I think it only supports NTLM, not NTLMv2. As time goes by, it's a lot less likely that Apple will issue an update for OS X 10.2 that would break a self-installed upgrade to Samba but it's still a risk.



[ Reply to This | # ]
Samba without insecurity?
Authored by: s_groening on Mar 08, '05 03:15:19PM

Having tried setting up Mac OS X clients to work with Kerberos and W2K3 AD servers and relying on password encryption and smb signing to work for the Mac OS X clients (Samba v.3.05) I am sad to say that I have had very little, if any, success client wise. On my XServe everything worked server wise: W2K and XP clients easily accessed shares on the XServe using Kerberos authentication, however, none of the samba clients could do the same 'to' the AD servers....

I have never tried actually replacing the built-in Samba 3.05 with the darwinports version, 3.0.11 and retried the magic....



[ Reply to This | # ]