[PATCH] Update 'restrict anonymous' in smb.conf.5 manpage
Andreas Schneider
asn at samba.org
Thu Feb 7 07:18:59 UTC 2019
On Wednesday, February 6, 2019 6:31:17 PM CET Denis Cardon wrote:
> Hi Andreas,
Hi Denis,
> > I had some questions about this options so I've looked at the code and
> > updated the manpage accordingly.
> >
> > Review is much appreciated.
>
> ---
> <value type="default">0</value>
> ---
>
> It would be great if we could have this value switched to 2 by default
> (at least for domain controllers).
>
> SAMR Anonymous access is red flagged by vulnerability scanner as it
> allows to get the list of domain users and groups without any
> authentication. It sadly does not give a nice perception of Samba AD
> when people forget to change it and then discover their blunder during
> their next security audit :-)
this option is probably more than 15 years old. It *only* affects smbd and is
NOT implemented in Samba AD!
If you want to have support for this you should open a bug for the issue.
Also I don't think hat hiding the IPC$ share provides any security at all as
there are several RPC services which are available over TCP/IP too.
Cheers,
Andreas
--
Andreas Schneider asn at samba.org
Samba Team www.samba.org
GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
More information about the samba-technical
mailing list