Comments on: Create an Encrypted Samba Share

By: oes tsetnoc

oes tsetnoc — Sat, 26 Sep 2009 06:52:06 +0000

as a simple user on a netra 1, I took a lot of time to get “samba on SPARC/Solaris 10″ working. Your blog was very useful Thanx a lot

By: cjk

cjk — Mon, 09 Mar 2009 20:19:00 +0000

re jhansonxi: pam_mount cannot use truecrypt because tc is terribly broken with regards to its password prompt, leading to an infinite loop on EOF.
The safest solution for remote encryption is to create a plain dm-crypt image using pmt-ehd(8), export the crypto container, and then mount it on a remote Windows using FreeOTFE (or on Linux with dm-crypt).

By: jhansonxi

jhansonxi — Sun, 04 Jan 2009 05:02:20 +0000

Your title is a little misleading. To encrypt data to a Samba share you need “smb transport encryption” which is being added to Samba. For mounting the truecrypt volume at login you can use pam_mount (http://pam-mount.sourceforge.net/).

By: mike

mike — Sat, 03 Jan 2009 00:47:21 +0000

One of the aspects of truecrypt is that while the volume is active the data is not encrypted, thus over the wire on a Samba transfer a sniffer could retrieve the data like any other data transfer with Samba. However, when the volume is not mounted it is encrypted and thus offers additional protection against theft or access when the owner is not accessing the share….it certainly is not a perfect solution.

By: Phill Rogers

Phill Rogers — Fri, 02 Jan 2009 22:21:39 +0000

Perhaps I’m missing something but wouldn’t that scenario mean that any file which the Windows user opens will be decrypted on-the-fly between TrueCrypt and Samba before passing across the network with it’s unencrypted content visible to any network sniffer?