[Samba] samba4 anonymous ldap search

mourik jan heupink heupink at merit.unu.edu
Mon Jan 20 01:35:52 MST 2014


Hi Rowland and Chan,

Thanks for your replies.

MJ

On 01/17/2014 04:07 PM, Chan Min Wai wrote:
> I think I've just asked this question on the chat room before.
> 
> This is the same implementation on win AD.
> 
> SAMBA 4 AD merely duplicates that implementation.
> 
> If you want to change that, you might want to change how M$ does it ;)
> 
> Thank you.
> 
> Regards,
> Chan Min Wai
> 
>> Rowland Penny <rowlandpenny at googlemail.com> wrote on 17/01/2014 10:47 PM:
>>
>>> On 17/01/14 13:49, mourik jan heupink wrote:
>>> Hi,
>>>
>>> I found some discussion here in 2010 about allowing/disallowing anonymous ldap access in samba4, however, nothing much recent comes up.
>>>
>>> I see that my samba4 does not allow anonymous access. Is there a way to enable it in samba4, like the way we had it with samba3/openldap?
>>>
>>> (we restricted access to sensitive info, but allowed anon search access to many user details like mail addresses, etc, etc)
>>>
>>> Regards,
>>> MJ
>> Hi, whilst you cannot do anonymous access, what your users can do is read the entire AD database:
>>
>> ldapsearch -x -H ldap://dc.example.com:389 -b DC=example,DC=com -D CN=username,CN=Users,DC=example,DC=com -w usernames-password
>>
>> This is from a Linux machine, but no doubt it is possible to do something similar from a Windows box.
>>
>> Rowland

