I'm reading this Samba manpage and according to it, you can set up TLS. I've got 2 questions.

  1. On the server side, do the TLS options require the paths of the certificate and keys?
  2. How would that work on the client side? How can I see that it negotiates TLS? It's not like it would show a green padlock like the one in a web browser.

We have several Windows machines and we're running Samba on Ubuntu 14.04 to share files. Currently running Samba version 4.3.9.


I'm not 100% clear on what you want to do, but some general information:

The main use for TLS in Samba is to do LDAP over SSL - LDAPS.

By default, LDAP connections aren't secured. If you have some application that can use LDAP to authenticate against a Samba DC, all the information is going to go back and forth between that application and the DC in the clear. But if you enable TLS on the Samba server and if the application supports TLS, then all the LDAP communication will be encrypted.

The information on the Samba Wiki for setting up LDAPS is here.

That link answers your first question: yes, your smb.conf will need to include the paths to your cert and key files.

It's your second question I'm unclear on... if you're asking whether configuring TLS will encrypt your access to file shares, then the answer is no, it won't.

For SMB 2.0, the only way to have the traffic encrypted is with IPsec or similar. As one of the answers to that question says, SMB 3.0 does support transport encryption, but I can't tell from the Samba Wiki pages (e.g. this one) how SMB 3.0 encryption works in Samba.
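
An added example, not part of the answer above or of the Samba project: a small Python check that reads an smb.conf and reports the TLS settings, which per the answer cover LDAPS only, separately from any per-share SMB encryption setting. The sample config, its paths and its share names are constructed; the `tls cafile` and `smb encrypt` parameter names are taken from the smb.conf man page rather than from this page.

```python
import configparser

# Constructed sample smb.conf; paths and share names are placeholders.
SAMPLE_SMB_CONF = """
[global]
    tls enabled  = yes
    tls keyfile  = /etc/samba/tls/key.pem
    tls certfile = /etc/samba/tls/cert.pem
    tls cafile   = /etc/samba/tls/ca.pem

[projects]
    path = /srv/projects
    smb encrypt = mandatory

[public]
    path = /srv/public
"""

# smb.conf parameters for the TLS (LDAPS) side, set in [global].
TLS_KEYS = ("tls enabled", "tls keyfile", "tls certfile", "tls cafile")


def _norm(name):
    # Compare parameter names without regard to case or spacing.
    return " ".join(name.lower().split())


def audit(text):
    """Report TLS (LDAPS) settings separately from per-share SMB encryption."""
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)
    cp.optionxform = _norm
    # Strip indentation so configparser does not read it as a continuation.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    sections = {s.lower(): dict(cp.items(s)) for s in cp.sections()}
    glob = sections.pop("global", {})
    report = {"ldaps_tls": {k: glob.get(k) for k in TLS_KEYS}, "shares": {}}
    for share, opts in sections.items():
        # "smb encrypt" governs SMB-level encryption; a share value overrides [global].
        report["shares"][share] = opts.get("smb encrypt", glob.get("smb encrypt", "(not set)"))
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_SMB_CONF)
    for key, value in result["ldaps_tls"].items():
        print(f"LDAPS  {key:<13} {value}")
    for share, value in result["shares"].items():
        print(f"share  [{share}] smb encrypt = {value}")
```

A share reported as `(not set)` has no explicit `smb encrypt` value in either its own section or `[global]`, whatever the TLS parameters say.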