O'Reilly logo

Using Samba by Peter Kelly, David Collier-Brown, Robert Eckstein

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Setting Up SSL Proxy

The SSL Proxy program is available as a standalone binary or as source code. You can download it from http://obdev.at/Products/sslproxy.html.

Once it is downloaded, you can configure and compile it like Samba. We will configure it on a Windows NT system. However, setting it up for a Unix system involves a nearly identical series of steps. Be sure that you are the superuser (administrator) for the next series of steps.

If you downloaded the binary for Windows NT, you should have the following files in a directory:

  • cygwinb19.dll

  • README.TXT

  • sslproxy.exe

  • dummyCert.pem

The only one that you will be interested in is the SSL Proxy executable. Copy over the phoenix.pem and phoenix.key files that you generated earlier for the client to the same directory as the SSL proxy executable. Make sure that the directory is secure from the prying eyes of other users.

The next step is to ensure that the Windows NT machine can resolve the NetBIOS name of the Samba server. This means that you should either have a WINS server up and running (the Samba server can perform this task with the wins support = yes option) or have it listed in the appropriate hosts file of the system. See Chapter 7, for more information on WINS server.[26]

Finally, start up SSL Proxy with the following command. Here, we assume that hydra is the name of the Samba server:

# C:\SSLProxy>sslproxy -l 139 -R hydra -r 139 -n -c phoenix.pem -k phoenix.key

This tells SSL Proxy to listen for connections to port 139 and relay those requests to port 139 on the NetBIOS machine hydra. It also instructs SSL Proxy to use the phoenix.pem and phoenix.key files to generate the certificate and keys necessary to initiate the SSL connection. SSL Proxy responds with:

Enter PEM pass phrase:

Enter the PEM pass phrase of the client keypair that you generated, not the certificate authority. You should then see the following output:

SSL: No verify locations, trying default
proxy ready, listening for connections

That should take care of the client. You can place this command in a startup sequence on either Unix or Windows NT if you want this functionality available at all times. Be sure to set any clients you have connecting to the NT server (including the NT server itself) to point to this server instead of the Samba server.

After you’ve completed setting this up, try to connect using clients that proxy through the NT server. You should find that it works almost transparently.



[26] If you are running SSL Proxy on a Unix server, you should ensure that the DNS name of the Samba server can be resolved.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required