I am thinking about finally getting around to building a home backup server. So many questions. Since my client systems will be a mix of Windows and Linux (and possibly ESXi is/when I get around to building a lab server), and desktop and laptop will be dialoguing with the backup server via Wi-Fi, the authentication and network encryption thing is bugging me.
SMB3 and sshfs seem to have sufficient security, and I have read that Samba performing SMB3 has better throughput.
But I can't seem to find the handle on authentication. AFAICT, a Windows machine accessing a Samba server is going to do the NTLM thing, which is heartburn city even for NTLMv2.
What can be done to improve security for Windows clients? I ain't gonna run AD on my home network, so Kerberos is right out.
Linux appears to use smbclient to access a Samba server, with username/password being sent encrypted (hopefully!) by SMB3, and compared against the Samba user database. That doesn't bother me as much, assuming SMB3 is decently implemented.