[Samba] 3.0.2a: SID, User Enumeration

Andrew Bartlett abartlet at samba.org
Sun Mar 7 21:20:02 GMT 2004

On Mon, 2004-03-08 at 02:51, fire-eyes wrote:
> I'm runninng samba 3.0.2a on a few machines, ADS security mode, domain 
> member roles. I throw nessus at it, and it can fetch the SID and then 
> list all of the users on the system.
> I view this as a security problem, is there a way to prevent this?

Firstly, nessus is a bit over-the-top at times.  That said, you may run
Samba in 'restrict anonymous' mode by setting the smb.conf parameter.

'restrict anonymous = 2' will keep nessus at bay, but also break any
network browsing function your machine may be playing.  You cannot set
this on a PDC.  See the manpage the and MS knowlege base articles
mentioned in it.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040308/300af940/attachment.bin

More information about the samba mailing list