[Samba] Samba4 user enumeration

Rowland Penny rpenny at samba.org
Thu Nov 25 09:44:40 UTC 2021


On Thu, 2021-11-25 at 10:32 +0100, Denis CARDON wrote:
> 
> Le 25/11/2021 à 10:24, Rowland Penny via samba a écrit :
> > On Thu, 2021-11-25 at 10:05 +0100, Denis CARDON via samba wrote:
> > > Hi Sebastian,
> > > 
> > > Le 25/11/2021 à 09:15, Sebastian Mazur via samba a écrit :
> > > > Hi
> > > > 
> > > > It has recently been brought to my attention that you can list
> > > > all samba users anonymously via enum4linux from Kali distribution.
> > > > 
> > > > I tried to disable this by GPO by enabling Network access: Do not
> > > > allow anonymous enumeration of SAM accounts and shares security
> > > > policy setting.
> > > > 
> > > > With no effect.
> > > > 
> > > > I use Samba in version 4.13.13 in Debian distribution.
> > > > 
> > > > Is there anyway to disable it?
> > > 
> > > please take a look at
> > > https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_active_directory_higher_security_tips.html#turning-off-null-session-connections
> > > 
> > > just add restrict anonymous = 2 to your smb.conf file.
> > 
> > Or better still, upgrade to AD
> 
> anonymous enumeration still works on Samba-AD 4.14 *by default*. I
> have not checked if the default has changed on 4.15.

Yes it does, but enum4linux will not, especially if you do not run
nmbd.

Rowland
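As an added example (not part of the thread, and not Samba's own tooling), the script below audits an smb.conf for the `restrict anonymous` setting Denis recommends, reporting the effective value from the [global] section and treating a missing line as Samba's documented default of 0. The two smb.conf snippets are constructed for the example; on a live host `testparm -s` prints the loaded configuration and is the authoritative source, the awk parser here only stands in for reading a file offline.

```shell
#!/bin/sh
# Constructed sample smb.conf with no "restrict anonymous" line in [global]
# (the permissive state described in the thread).
SAMPLE_CONF='[global]
   workgroup = EXAMPLE
   server role = standalone server
   log level = 1

[homes]
   browseable = no'

# Constructed sample with the setting from the thread added to [global].
HARDENED_CONF='[global]
   workgroup = EXAMPLE
   server role = standalone server
   log level = 1
   restrict anonymous = 2

[homes]
   browseable = no'

# restrict_anonymous_level FILE
# Print the value of "restrict anonymous" found in the [global] section,
# or 0 when the parameter is absent (Samba's documented default).
restrict_anonymous_level() {
    awk '
        # Section headers: remember whether we are inside [global]
        # (section and parameter names are matched case-insensitively).
        /^[[:space:]]*\[/ {
            in_global = (tolower($0) ~ /^[[:space:]]*\[global\][[:space:]]*$/)
            next
        }
        # Parameter line inside [global]; strip "name =" and trailing blanks.
        in_global && tolower($0) ~ /^[[:space:]]*restrict[[:space:]]*anonymous[[:space:]]*=/ {
            sub(/^[^=]*=[[:space:]]*/, "")
            sub(/[[:space:]]+$/, "")
            val = $0          # keep the last occurrence if repeated
        }
        END { print (val == "" ? "0" : val) }
    ' "$1"
}

# check_anonymous_restriction FILE
# Return 0 when the level is 2 (the value recommended in the thread),
# 1 otherwise; prints a one-line finding either way.
check_anonymous_restriction() {
    level=$(restrict_anonymous_level "$1")
    case "$level" in
        2) echo "$1: restrict anonymous = 2 (null-session enumeration restricted)"
           return 0 ;;
        *) echo "$1: restrict anonymous = $level (anonymous enumeration not restricted)"
           return 1 ;;
    esac
}

# Audit every smb.conf path given on the command line.
for conf in "$@"; do
    check_anonymous_restriction "$conf"
done
```

Run it as `sh audit_smbconf.sh /etc/samba/smb.conf` (a hypothetical file name); a non-zero exit from the last file checked flags the permissive setting, which makes it easy to wire into a periodic configuration check. Note that the thread points out Samba AD does not use `restrict anonymous` for this purpose, so the check only covers the classic/standalone case the setting documents.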