[Samba] Null sid enumeration
Bryan Payne
bpayne at speedfc.com
Fri Mar 12 15:15:58 MST 2010
I'm needing to prevent null sid enumeration for pci reasons. It's a samba pdc that authenticates against an openldap backend. I restrict anonymous set to 1 but I'm still able to pull sid's using cain. I've set it to 2, but as you might expect, no one could login via windows. On the ldap end, I restricted sambaSID attributes from being shown when searching anonymously, but that didn't help. What else can I do to prevent null sid enumeration?
More information about the samba
mailing list