[PATCH] Update 'restrict anonymous' in smb.conf.5 manpage

Andreas Schneider asn at samba.org
Thu Feb 7 07:18:59 UTC 2019


On Wednesday, February 6, 2019 6:31:17 PM CET Denis Cardon wrote:
> Hi Andreas,

Hi Denis,
 
> > I had some questions about this options so I've looked at the code and
> > updated the manpage accordingly.
> > 
> > Review is much appreciated.
> 
> ---
> 	 <value type="default">0</value>
> ---
> 
> It would be great if we could have this value switched to 2 by default
> (at least for domain controllers).
> 
> SAMR Anonymous access is red flagged by vulnerability scanner as it
> allows to get the list of domain users and groups without any
> authentication. It sadly does not give a nice perception of Samba AD
> when people forget to change it and then discover their blunder during
> their next security audit :-)

this option is probably more than 15 years old. It *only* affects smbd and is 
NOT implemented in Samba AD!

If you want to have support for this you should open a bug for the issue.

Also I don't think hat hiding the IPC$ share provides any security at all as 
there are several RPC services which are available over TCP/IP too.


Cheers,


	Andreas

-- 
Andreas Schneider                      asn at samba.org
Samba Team                             www.samba.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D





More information about the samba-technical mailing list