[Samba] Prevent NULL Session
Andrew Bartlett
abartlet at samba.org
Wed Oct 2 04:49:00 GMT 2002
M Maki wrote:
>
> I have a couple of Samba (2.0.7 & 2.2.0) servers I scanned with Nessus and
> they reported a security hole of "Possible to login to the remote host using
> a NULL session". I have a couple of NT servers I disabled with a registry
> edit. Is there a way to prevent this on the Samba servers or is it even a
> valid issue?
Samba HEAD starts to add some of this, but the manpage is completely
inaccurate...
Setting 'restrict anonymous = 1' should get you the start.
I'm looking into how to best implement 'restrict anonymous = 2'.
In the meantime, if you set 'auth methods = sam' (for standalone
servers) then it will skip the 'guest' module, and deny all anonymous
connections. However, this will break browsing and other services.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net