Camden Computing Services
 

S50-1331 Using Stunnel to Encrypt Samba Connections 11/25/2002

Using Stunnel to Encrypt Samba Connections


Computing Services Information Document PC/Unix


Samba is a UNIX daemon that listens for connections from a PC client to mount UNIX home directories. This is the mechanism that allows lab, office, dorm, and home users to access their home directories, which reside on the UNIX servers clam and crab, from their PC as if they were a local drive. Samba, however, requires the user to authenticate, and the username and password supplied are passed unencrypted over the network. This makes it possible for hackers listening to the network traffic to recover your username and password. To prevent this, a program known as Stunnel can be set up on your PC to encrypt the traffic going between your PC and the server using a type of encryption known as SSL. This means that your username, password, and all data that is transmitted cannot be read by anyone "sniffing" the network traffic.


How To Set Up Stunnel on Your Home/Dorm/Office PC

1.) Place the following files into a directory on your PC (c:\stunnel is recommended):
  • stunnel-4.00.exe
  • stunnel.pem
  • stunnel.conf
  • stunnel.log
  • openssl.exe

2.) Place the following files into c:\windows\system:
  • libeay32.dll
  • libssl32.dll

3.) Add the following lines to c:\windows\system32\drivers\etc\hosts if you are using Windows 2000/XP, or to c:\windows\hosts if you are using Windows 98. The hosts.sam file in these directories should not be used.

    127.0.0.1          localhost
    127.0.0.2          crab_ssl
    127.0.0.3          clam_ssl
    165.230.111.194    crab.rutgers.edu    crab
    165.230.99.70      clam.rutgers.edu    clam

4.) Add the following lines to c:\windows\system32\drivers\etc\lmhosts if you are using Windows 2000/XP, or to c:\windows\lmhosts if you are using Windows 98. The lmhosts.sam file in these directories should not be used.

    127.0.0.1          localhost
    127.0.0.2          crab_ssl
    127.0.0.3          clam_ssl
    165.230.111.194    crab
    165.230.99.70      clam

5.) Add the following line to c:\windows\system32\drivers\etc\services if you are using Windows 2000/XP, or to c:\windows\services if you are using Windows 98. The services.sam file in these directories should not be used.

    smbossl     939/tcp     # Samba over SSL via Stunnel

6.) To allow Stunnel to start up automatically as a service:
  • Run "c:\stunnel\stunnel-4.00 -install"
  • Or, if you choose, it can be run manually for each session in which you wish to mount servers by running "c:\stunnel\stunnel-4.00"

7.) If you want Stunnel not to display an icon in the system tray or taskbar:
  • Run "services.msc"
  • Choose Stunnel
  • Set it to not "Interact With the Desktop"

8.) If you are running:
  • Windows 2000/XP: Download plaintxt2000.reg to your desktop and double-click on it.
  • Windows 98/98se: Download ptxt_on.inf to your desktop. Next, right-click on the icon and select "install".

9.) Reboot the system.

10.) To mount your home directory:
  • Start Stunnel if it was not started up automatically as a service
  • Mount your home directory as you normally would, replacing the server names "clam" with "clam_ssl" and "crab" with "crab_ssl"
  • Methods for mounting your home directory can be found here: S50-4030_dhcp
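
The steps above do not show the contents of stunnel.conf. The following is an added example, not the file distributed with this document: it embeds a constructed client-mode stunnel.conf that ties the loopback aliases from step 3 to the smbossl port from step 5, and checks it for two common mistakes. The accept port 139, the CAfile name ca.pem, the verify setting, and the function name audit are assumptions.

```python
import configparser
import ipaddress

# Constructed sample, not the stunnel.conf shipped with this document.
# Port 939 is the smbossl entry from step 5; accepting on port 139
# (NetBIOS session service) and the CAfile name are assumptions.
SAMPLE_CONF = """\
client = yes
output = stunnel.log
CAfile = ca.pem
verify = 2

[crab_ssl]
accept = 127.0.0.2:139
connect = crab.rutgers.edu:939

[clam_ssl]
accept = 127.0.0.3:139
connect = clam.rutgers.edu:939
"""

def audit(conf_text):
    """Return a list of findings for a client-mode stunnel.conf."""
    cp = configparser.ConfigParser(interpolation=None)
    # stunnel puts global options before any [service]; give them a header.
    cp.read_string("[__global__]\n" + conf_text)
    glob = cp["__global__"]
    findings = []
    if glob.get("client", "no").lower() != "yes":
        findings.append("global: client mode is not enabled")
    for name in cp.sections():
        if name == "__global__":
            continue
        svc = cp[name]
        host = svc.get("accept", "").rpartition(":")[0]
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = False  # bare port or hostname: not pinned to 127/8
        if not loopback:
            findings.append(f"{name}: accept is not bound to a loopback address")
        # With no verify option (the default) the client accepts any server
        # certificate; level 2 or higher requires a valid one.
        level = int(svc.get("verify", glob.get("verify", "0")))
        if level < 2:
            findings.append(f"{name}: server certificate verification is not required")
    return findings
```

An empty list from audit(SAMPLE_CONF) means each tunnel listens only on its loopback alias and refuses a server whose certificate does not validate.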


Questions/comments regarding Camden Computing Services or this web site
can be directed to: help@camden.rutgers.edu.
Last updated: November 17, 2005, 10:33 EST.

    © 2005-2010 Rutgers, The State University of New Jersey. All rights reserved.