[Samba] prevent normal users from getting userlist

Andrew Bartlett abartlet at samba.org
Mon Oct 3 05:01:05 GMT 2005

On Sun, 2005-10-02 at 13:09 +0200, Florian Effenberger wrote:
> Hello,
> I run Samba 3.0.20a with Windows XP Professional SP2 client. I found out
> that when a normal (i.e. not domain administrator) user runs the old
> Windows NT 4 user client, it can retrieve the whole list of usernames
> and fullnames.
> Can that be prohibited in any way?

Not without breaking functionality.  See, any user should be able to run
the ACL editor, and assign rights to users and groups.

You could modify code to lock this down, but I would be worried about
the consequences, as well as what other mean (direct LDAP query, for
example) you would also need to lock down.

I know this is difficult in strict privacy environments.  

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20051003/a83fbe01/attachment.bin

More information about the samba mailing list