[Samba] Samba 3: "restrict anonymous = 2" breaks domain joining
Marek Szuba
scriptkiddie at wp.pl
Tue Dec 20 22:46:10 GMT 2005
On Sun, 18 Dec 2005 19:18:41 -0800
Andrew Bartlett <abartlet at samba.org> wrote:
> Samba3 (due to NT4 protocol limitations) doesn't support being a DC and having > 'restrict anonymous = 2' set.
Right, gotta stick with 1 then. Thanks for clearing it up.
> It is the other way around. If you set 'restrict anonymous = 2', then
> you cannot get to a share as a guest, even with 'guest ok = yes', as the
> anonymous connection has already been denied.
Makes sense... Still, the manpage (both in 3.0.14a-Debian and 3.0.20b)
states the opposite. Let me dig up appropriate quotes:
- in "guest ok" entry, line 1732: "this setting nullifies the benefits
of setting restrict anonymous = 2"
- in "restrict anonymous" entry, line 3963: "the security advantage of
using restrict anonymous = 2 is removed by setting guest ok = yes on
any share"
Cheers,
--
MS
More information about the samba
mailing list