[Samba] 3.0.2a: SID, User Enumeration

fire-eyes sgtphou at fire-eyes.dynup.net
Sun Mar 7 22:42:31 GMT 2004

Andrew Bartlett wrote:
> On Mon, 2004-03-08 at 02:51, fire-eyes wrote:
>>I'm runninng samba 3.0.2a on a few machines, ADS security mode, domain 
>>member roles. I throw nessus at it, and it can fetch the SID and then 
>>list all of the users on the system.
>>I view this as a security problem, is there a way to prevent this?
> Firstly, nessus is a bit over-the-top at times.  That said, you may run
> Samba in 'restrict anonymous' mode by setting the smb.conf parameter.
> 'restrict anonymous = 2' will keep nessus at bay, but also break any
> network browsing function your machine may be playing.  You cannot set
> this on a PDC.  See the manpage the and MS knowlege base articles
> mentioned in it.
> Andrew Bartlett

Setting it to 2 did exactly what I was looking for, thanks. Thanfully it 
isn't a PDC.

More information about the samba mailing list