and no man page for psec in SAMBA_2_2
Jean Francois Micouleau
Jean-Francois.Micouleau at dalalu.fr
Fri May 3 00:56:07 GMT 2002
On Fri, 3 May 2002, Richard Sharpe wrote:
> > btw, Tim, the restricted anonymous enumeration "feature" you had with W2K
> > and winbind, the policy code in w2k is changing the SD on the LSA pipe.
>
> Can you explain that some more? Do you mean that Win2K implements it by
> placing an SD on the LSA pipe?
Yes. I guess I shouldn't reply before having a coffee.
There is an SD on the LSA pipe. It's used to control all the LSA functions
exactly like on the SPOOLSS pipe. And on the SAM pipe, that's the same.
If you want to check, a nice tool is lsaacl from Todd Sabin at
razor.bindview.com. Run it against a W2K box and an NT4 box and compare the
SD. If the restrict anonymous policy stuff is checked, you will see that
an ACL for everyone is there or not.
J.F.