[Samba] Prevent NULL Session

Andrew Bartlett abartlet at samba.org
Wed Oct 2 04:49:00 GMT 2002

M Maki wrote:
> I have a couple of Samba (2.0.7 & 2.2.0) servers I scanned with Nessus and
> they reported a security hole of "Possible to login to the remote host using
> a NULL session" I have a couple of NT servers I disabled with a registry
> edit. Is there a way to prevent this on the Samba servers or is it even a
> valid issue?

Samba HEAD starts to add some of this, but the manpage is completely

Setting 'restrict anonymous = 1' should get you a start.

I'm looking into how to best implement 'restrict anonymous = 2'.

In the meantime, if you set 'auth methods = sam' (for standalone
servers) then it will skip the 'guest' module, and deny all anonymous
connections.  However, this will break browsing and other services.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
