[Samba] prevent normal users from getting userlist
Andrew Bartlett
abartlet at samba.org
Mon Oct 3 05:01:05 GMT 2005
On Sun, 2005-10-02 at 13:09 +0200, Florian Effenberger wrote:
> Hello,
>
> I run Samba 3.0.20a with Windows XP Professional SP2 client. I found out
> that when a normal (i.e. not domain administrator) user runs the old
> Windows NT 4 user client, it can retrieve the whole list of usernames
> and fullnames.
>
> Can that be prohibited in any way?
Not without breaking functionality. See, any user should be able to run
the ACL editor, and assign rights to users and groups.
You could modify code to lock this down, but I would be worried about
the consequences, as well as what other mean (direct LDAP query, for
example) you would also need to lock down.
I know this is difficult in strict privacy environments.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20051003/a83fbe01/attachment.bin
More information about the samba
mailing list