[Samba] samba4 anonymous ldap search
Rowland Penny
rowlandpenny at googlemail.com
Fri Jan 17 07:47:26 MST 2014
On 17/01/14 13:49, mourik jan heupink wrote:
> Hi,
>
> I found some discussion here in 2010 about allowing/disallowing
> anonymous ldap access in samba4, however, nothing much recent comes up.
>
> I see that my samba4 does not allow anonymous access. Is there a way
> to enable it in samba4, like the way we had it with samba3/openldap?
>
> (we restricted access to sensitive info, but allowed anon search
> access to many user details like mail addresses, etc, etc)
>
> Regards,
> MJ
Hi, whilst you cannot do anonymous access, what your users can do is
read the entire AD database:
ldapsearch -x -H ldap://dc.example.com:389 -b DC=example,DC=com -D
CN=username,CN=Users,DC=example,DC=com -w usernames-password
This is from a linux machine, but no doubt it is possible to do
something similar from a windows box
Rowland
More information about the samba
mailing list