[Samba] 3.0.2a: SID, User Enumeration

fire-eyes sgtphou at fire-eyes.dynup.net
Sun Mar 7 22:42:31 GMT 2004


Andrew Bartlett wrote:
> On Mon, 2004-03-08 at 02:51, fire-eyes wrote:
> 
>>I'm running samba 3.0.2a on a few machines, ADS security mode, domain 
>>member roles. I throw nessus at it, and it can fetch the SID and then 
>>list all of the users on the system.
>>
>>I view this as a security problem, is there a way to prevent this?
> 
> 
> Firstly, nessus is a bit over-the-top at times.  That said, you may run
> Samba in 'restrict anonymous' mode by setting the smb.conf parameter.
> 
> 'restrict anonymous = 2' will keep nessus at bay, but also break any
> network browsing function your machine may be playing.  You cannot set
> this on a PDC.  See the manpage and the MS knowledge base articles
> mentioned in it.
> 
> Andrew Bartlett
> 

Setting it to 2 did exactly what I was looking for, thanks. Thankfully it 
isn't a PDC.

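An added example, not part of the thread above or of Samba itself: a small POSIX shell audit that parses an smb.conf, reports the effective value of `restrict anonymous` in `[global]` (Samba's default of 0 when it is unset) and flags hosts that look like a PDC, where Andrew notes the setting cannot be used. The two smb.conf files are constructed here for the demonstration, and the use of `domain logons = yes` as the PDC indicator is this script's assumption, not something the thread states. Parameter names are matched ignoring case and whitespace, as Samba does.

```shell
#!/bin/sh
# Audit an smb.conf for the 'restrict anonymous' hardening discussed in the thread.
# Example code written for this page; the sample configs below are constructed.

# smb_global_param CONF KEY DEFAULT
# Print the value of KEY from the [global] section of CONF, or DEFAULT if unset.
# Keys are compared case- and whitespace-insensitively; the last assignment wins.
smb_global_param() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); gsub(/[ \t]/, "", key) }
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/ {                               # [section] header
            sec = tolower($0); gsub(/\[|\]|[ \t]/, "", sec)
            in_global = (sec == "global"); next
        }
        in_global && index($0, "=") {
            p = index($0, "=")
            k = tolower(substr($0, 1, p - 1)); gsub(/[ \t]/, "", k)
            v = substr($0, p + 1)
            gsub(/^[ \t]+/, "", v); gsub(/[ \t]+$/, "", v)
            if (k == key) { val = v; seen = 1 }
        }
        END { print (seen ? val : def) }
    ' "$1"
}

# audit_restrict_anonymous CONF
# Returns 0 when anonymous enumeration is blocked (restrict anonymous = 2),
# 1 otherwise. Warns when the host appears to be a PDC (assumption: domain
# logons = yes), since the setting cannot be used on a PDC.
audit_restrict_anonymous() {
    conf="$1"
    ra=$(smb_global_param "$conf" "restrict anonymous" 0)   # Samba default is 0
    logons=$(smb_global_param "$conf" "domain logons" no)
    case "$(printf '%s' "$logons" | tr 'A-Z' 'a-z')" in
        yes|true|1)
            echo "WARN: $conf: domain logons = yes (PDC role); restrict anonymous = 2 cannot be used here" ;;
    esac
    if [ "$ra" = "2" ]; then
        echo "OK:   $conf: restrict anonymous = 2 (anonymous connections refused)"
        return 0
    fi
    echo "FAIL: $conf: restrict anonymous = $ra (anonymous SID/user enumeration possible)"
    return 1
}

# Constructed sample configurations: a domain member with the default (weak)
# setting, and the same host hardened as described in the thread.
tmp=$(mktemp -d)
cat > "$tmp/weak.conf" <<'EOF'
[global]
   workgroup = EXAMPLE
   security = ads
   ; restrict anonymous = 2   (commented out, so it must not count)

[homes]
   browseable = no
   read only = no
EOF
cat > "$tmp/hardened.conf" <<'EOF'
[global]
   workgroup = EXAMPLE
   security = ads
   Restrict   Anonymous=2

[homes]
   browseable = no
EOF

for f in "$tmp/weak.conf" "$tmp/hardened.conf"; do
    audit_restrict_anonymous "$f" || :
done
```

On a real host, run the function against `testparm -s /etc/samba/smb.conf` output rather than the raw file, so that include directives and defaults are resolved the way smbd sees them.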
