[Samba] Prevent NULL Session

Andrew Bartlett abartlet at samba.org
Wed Oct 2 04:49:00 GMT 2002


M Maki wrote:
> 
> I have a couple of Samba (2.0.7 & 2.2.0) servers I scanned with Nessus and
> they reported a security hole of "Possible to login to the remote host using
> a NULL session" I have a couple of NT servers I disabled with a registry
> edit. Is there a way to prevent this on the Samba servers or is it even a
> valid issue?

Samba HEAD starts to add some of this, but the manpage is completely
inaccurate...

Setting 'restrict anonymous = 1' should get you the start.

I'm looking into how to best implement 'restrict anonymous = 2'.

In the meantime, if you set 'auth methods = sam' (for standalone
servers) then it will skip the 'guest' module, and deny all anonymous
connections.  However, this will break browsing and other services.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net


