[Samba] is this is a problem?
Andrew Bartlett
abartlet at samba.org
Fri Nov 22 02:25:01 GMT 2002
On Fri, 2002-11-22 at 08:00, Andrew Bartlett wrote:
> On Fri, 2002-11-22 at 07:42, SALOME Alexandre wrote:
> > Hi,
> > this is a ploblem? (of /usr/local/samba/lib/var/log/log.xxxxxx)
> >
> >
> > 2002/11/21 17:41:02, 0] smbd/nttrans.c:(1762)
> > call_nt_transact_ioctl: Currently not implemented.
> > 2002/11/21 17:41:06, 0] smbd/reply.c:(888)
> > restrict anonymous is True and anonymous connection attempted. Denying
> > access.
>
> Don't set 'restrict anonymous' in 2.2 - it is completely broken, and
> does break things...
To clarify this a little. 'restrict anonymous' in 2.2 behaves exactly
as per the manpage. This isn't what most people expect, and has all the
side-effects described in the manpage.
In Samba 3.0, we have implemented 'restrict anonymous' in terms of the
MS registry key of the same name. The new behavior increases system
security by restricting anonymous access to information.
This is what people expect that setting to do, and should help to reduce
some confusion. (This is also why I called the 2.2 code broken - it
sounds like a security setting, but in 2.2 it doesn't provide a security
benefit)
Unfortunately the documentation there hasn't caught up, but I'll at
least remove the erroneous part when I commit support for 'restrict
anonymous = 2' shortly. (Getting all this fixed is one of the big
things we need to audit before 3.0 goes gold).
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20021122/41508920/attachment.bin
More information about the samba
mailing list