NULL sessions - Listing shares anonymously - restrict anonymous

Andrew Bartlett abartlet at
Mon Nov 18 07:01:00 GMT 2002

On Fri, 2002-11-15 at 19:40, Tim Potter wrote: 
> On Fri, Nov 15, 2002 at 07:32:06PM +1100, Andrew Bartlett wrote:
> > > In the Samba HEAD and 3.0 branches however the parameter behaves more
> > > like the RestrictAnonymous registry setting.  Only 'restrict anonymous = 1' 
> > > is currently supported though.
> > 
> > I'm going to do some research, and figure out exactly what 'restrict
> > anonymous = 2' does.  If it denies all guest logins, then it is trivial
> > to implement.
> I'm pretty sure that's what it does.  It would be nice to implement it 
> in terms of security descriptors for the various rpc pipes.

Actually, it allows the session setup, but denies the tree connect to IPC$.

I'm about to commit a patch to this effect, but I wasn't sure about what 
behavior we should have:

override all 'guest ok' settings for all shares

allow guest access to these shares, which implies guest IPC access (because
we allow IPC on all shares, not just IPC$ - at least that's my understanding)

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list