null session %U expansion (patch)

Luke Kenneth Casson Leighton lkcl at
Fri Oct 30 19:08:22 GMT 1998

> If you don't think it's desired behaviour then what name
> to do want %U to map to when SMB packets come in that
> are from an anonymous session ?

this is not quite the right question.

the behaviour (incorrect behaviour) we are seeing is when you get this:

- null connection to ipc$
- Netwkstagetinfo call
- auth connection either another sessetupX or a tconX with user

the behaviour (correct behaviour) occurs when:

- auth connection (sessetupX with username etc) plus tconX to a share
- null connection (tconX to ipc$)
- netwkstagetinfo call

the behaviour is caused by microsoft's "breaking" of the domain rules,
which were added so that lose95 and other non-nt-domain clients could
browse nt domain machines anonymously.

however, they must be compatible with nt 3.1 and nt 3.5/3.51 which do not
allow such anonymous connections.

therefore, if we refuse anonymous connections, then clients will
"revalidate" with a non-anonymous connection (usr, pass, domain)
immediately, and _then_ do a netwkstagetinfo call, and we will be in a
position to respond correctly.

can we add a "restrict anonymous" option to refuse all null session
connections, which i believe will fix this problem once and for all: we've
been over and over this for approximately eighteen months, it keeps coming


More information about the samba-ntdom mailing list