[Samba] 3.0.2a: SID, User Enumeration
Andrew Bartlett
abartlet at samba.org
Sun Mar 7 21:20:02 GMT 2004
On Mon, 2004-03-08 at 02:51, fire-eyes wrote:
> I'm running samba 3.0.2a on a few machines, ADS security mode, domain
> member roles. I throw nessus at it, and it can fetch the SID and then
> list all of the users on the system.
>
> I view this as a security problem, is there a way to prevent this?
Firstly, nessus is a bit over-the-top at times. That said, you may run
Samba in 'restrict anonymous' mode by setting the smb.conf parameter.
'restrict anonymous = 2' will keep nessus at bay, but also break any
network browsing function your machine may be playing. You cannot set
this on a PDC. See the manpage and the MS knowledge base articles
mentioned in it.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
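As an added example that is not part of the thread: a small Python audit that reads an smb.conf, reports the effective 'restrict anonymous' level, and flags the caveats Andrew mentions (level 2 blocks anonymous enumeration but breaks browsing, and cannot be used on a PDC). The smb.conf fragments are constructed for illustration.

```python
import configparser

# Constructed smb.conf fragments (not from the original post): a domain member
# with the default setting, and the same host with 'restrict anonymous = 2'.
SMB_CONF_DEFAULT = """\
[global]
workgroup = EXAMPLE
realm = EXAMPLE.LOCAL
security = ads
# 'restrict anonymous' left unset: Samba's default is 0
"""

SMB_CONF_HARDENED = """\
[global]
workgroup = EXAMPLE
realm = EXAMPLE.LOCAL
security = ads
restrict anonymous = 2
"""


def parse_smb_conf(text):
    """Parse smb.conf text (INI-like; ';' and '#' start comments)."""
    cp = configparser.ConfigParser(strict=False, allow_no_value=True,
                                   interpolation=None,
                                   inline_comment_prefixes=(";", "#"))
    cp.read_string(text)
    return cp


def is_yes(value):
    return str(value).strip().lower() in ("yes", "true", "1")


def audit_restrict_anonymous(text):
    """Return (level, findings): the effective 'restrict anonymous' level
    from [global] and a list of human-readable notes."""
    g = parse_smb_conf(text)["global"]
    level = int(g.get("restrict anonymous", "0"))
    is_pdc = is_yes(g.get("domain logons", "no"))
    findings = []
    if level < 2:
        findings.append("anonymous SID lookup / user enumeration not blocked "
                        "(restrict anonymous = %d)" % level)
    if level == 2 and is_pdc:
        findings.append("restrict anonymous = 2 cannot be used on a PDC "
                        "(domain logons = yes)")
    if level == 2:
        findings.append("note: level 2 also breaks network browsing on this host")
    return level, findings


if __name__ == "__main__":
    for name, conf in (("default", SMB_CONF_DEFAULT), ("hardened", SMB_CONF_HARDENED)):
        print(name, audit_restrict_anonymous(conf))
```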