NULL sessions - Listing shares anonymously - restrict anonymous
Andrew Bartlett
abartlet at samba.org
Mon Nov 18 07:01:00 GMT 2002
On Fri, 2002-11-15 at 19:40, Tim Potter wrote:
> On Fri, Nov 15, 2002 at 07:32:06PM +1100, Andrew Bartlett wrote:
>
> > > In the Samba HEAD and 3.0 branches however the parameter behaves more
> > > like the RestrictAnonymous registry setting. Only 'restrict anonymous = 1'
> > > is currently supported though.
> >
> > I'm going to do some research, and figure out exactly what 'restrict
> > anonymous = 2' does. If it denies all guest logins, then it is trivial
> > to implement.
>
> I'm pretty sure that's what it does. It would be nice to implement it
> in terms of security descriptors for the various rpc pipes.
Actually, it allows the session setup, but denies the tree connect to IPC$.
I'm about to commit a patch to this effect, but I wasn't sure about what
behavior we should have:
override all 'guest ok' settings for all shares
allow guest access to these shares, which implies guest IPC access (because
we allow IPC on all shares, not just IPC$ - at least that's my understanding)
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20021118/fd7993ba/attachment.bin
More information about the samba-technical
mailing list