Thanks for helpful comments and suggestions.

In our situation we can't use smbclient -e because the data sources
are not Samba/Linux, they're running various versions of Windows.
But also, what we're doing is not file access but event log access.
We aren't using CIFS but calling into ndr subroutines. As I said, we
are using Samba code, not just being Samba users.

The behaviour is this. When connecting and retrieving event logs
(using dcerpc_eventlog_ReadEventLogW and friends) the traffic is
encrypted when talking to e.g. Windows 2000 (I think actually
anything before Win2003 SP 2) but unencrypted when talking e.g. to
Server 2008. We are, of course, never talking to Samba servers as
such.

Authorization seems to be encrypted in both cases, that isn't the issue.

(We are on Samba 4 for some purposes. In Samba 4, there's a torture
test covering the event log API that exhibits the same behaviour we
have seen by our client.)

A Malton
--
Dr. Andrew Malton
e•sentire Critical Security Solutions
260 Holiday Inn Drive Building "A" Suite 29
Cambridge
Canada N3C 4E8
AIM:ajmal...@mac.com
tel: +1 519 651 2299 x 119
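
Added example, not part of the original message and not Samba code: one way to tell from a capture which of the two cases a connection falls into is to read the auth_level byte in the security trailer of each reassembled DCE/RPC PDU, where level 6 (privacy) means the stub data is encrypted. The function names and the sample PDUs are constructed for illustration, and the PDU bytes are assumed to be already extracted from the SMB named-pipe transport.

```python
import struct

# auth_level values defined by DCE/RPC (Samba names them DCERPC_AUTH_LEVEL_*).
AUTH_LEVELS = {1: "none", 2: "connect", 3: "call",
               4: "packet", 5: "integrity", 6: "privacy"}
HDR_LEN = 16      # common connection-oriented PDU header
TRAILER_LEN = 8   # security trailer that precedes the auth token


def pdu_auth_level(pdu: bytes) -> str:
    """Return the protection level declared by one reassembled DCE/RPC PDU."""
    if len(pdu) < HDR_LEN or pdu[0] != 5:
        raise ValueError("not a connection-oriented DCE/RPC v5 PDU")
    # Data representation byte: 0x10 set means little-endian integers.
    endian = "<" if pdu[4] & 0x10 else ">"
    frag_length, auth_length = struct.unpack_from(endian + "HH", pdu, 8)
    if frag_length > len(pdu):
        raise ValueError("truncated PDU")
    if auth_length == 0:
        return "none"  # no security trailer at all: stub data is in the clear
    trailer = frag_length - auth_length - TRAILER_LEN
    if trailer < HDR_LEN:
        raise ValueError("auth_length inconsistent with frag_length")
    _auth_type, auth_level = struct.unpack_from("BB", pdu, trailer)
    return AUTH_LEVELS.get(auth_level, f"unknown({auth_level})")


def is_sealed(pdu: bytes) -> bool:
    """True only when the PDU's stub data is encrypted (privacy level)."""
    return pdu_auth_level(pdu) == "privacy"


def build_request(auth_level: int, token_len: int = 16) -> bytes:
    """Constructed sample: a request PDU with a dummy stub and auth token."""
    # alloc_hint, context id, opnum (arbitrary), then 8 bytes of dummy stub
    body = struct.pack("<IHH", 8, 0, 0) + b"\x00" * 8
    auth = b""
    if auth_level:
        # auth_type 10 = NTLMSSP, then level, pad length, reserved, context id
        auth = struct.pack("<BBBBI", 10, auth_level, 0, 0, 0) + b"\xaa" * token_len
    frag_length = HDR_LEN + len(body) + len(auth)
    auth_length = token_len if auth_level else 0
    header = struct.pack("<BBBB4sHHI", 5, 0, 0, 0x03, b"\x10\x00\x00\x00",
                         frag_length, auth_length, 1)
    return header + body + auth
```

Running `is_sealed` over the request and response PDUs of each server's session shows whether the difference is in the negotiated auth level or somewhere else in the stack.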