[Samba] Results of nessus scan

Andrew Bartlett abartlet at samba.org
Thu Dec 25 07:25:37 GMT 2003

On Wed, 2003-12-17 at 13:40, Jonas Carlsson wrote:
>    James R. Trater wrote:
>  > Try setting:
>  > guestaccount = NULL
>  > and
>  > restrict anonymous = yes
>  > in you smb.conf
>  > I had the same problem, and this solved it for me.
> Just for the records; it really did the trick.
> Nessus reports nothing now!

Also for the record, we strongly recommend against this.  Instead, run
Samba 3.0 and set 'guest account = nobody', if nobody is a valid user,
and set 'restrict anonymous = 2' if you are not running a PDC, and not
performing any browsing services.

'restrict anonymous' had no security benifit in Samba 2.2, but may have
fooled the scanner.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20031225/492fe791/attachment.bin

More information about the samba mailing list