I have an application (Veeam for M365) that doesn’t really support SMB shares for god knows what reason.
It does work if you simply enter an SMB share into the location of where you want it to create a repository, but there is no authentication
So, I made an SMB share and made it wide open. That works, but now I want to lock it down furhter
I tried to enter the “Allowed Hosts” field in the SMB share, but for whatever reason that then applied to ALL shares… Seems I hit a bug there or lack of proper documention
Can anyone think of a way to get this to be secure? Or secure-ish?
I can’t run Veeam as a service account, it breaks a bunch of features
You can set up a veracrypt container on the server side(veracrypt does not need to be installed on the server only at the endpoint) and make it available via smb and mount it locally on endpoint and then Veeam will see a regular local disk.
You can add smb + l/p to the endpoint without worrying about Veeam+smb.
So endpoint talks to smb and does l/p login.
Veracrypt at the endpoint mounts the container from the smb share available to the endpoint.
Veeam uses a local drive which is the veracrypt container. So you don’t have the Veeam+smb and you don’t have to set anything without l/p.
Even if an unauthorized person had access to this share, only what he sees is an encrypted data container.
In the end, you have encrypted container + smb l/p access…
Unfortunately, a reduction in performance is possible, but it requires testing to find out how much.
1 Like
Did you come up with something?