[Samba] Can I allow anonymous LDAP binding to samba 4.1 AD ?

Bob of Donelson Trophy bob at donelsontrophy.net
Thu Jan 22 11:11:45 MST 2015


Thanks, Mark. 



Bob Wooden of Donelson Trophy

615.885.2846 (main)
www.donelsontrophy.com [3]

"Everyone deserves an award!!"

On 2015-01-22 11:52, Marc Muehlfeld wrote: 

> Am 22.01.2015 um 17:19 schrieb John Yocum:
> When I change dsHeuristics=0000002001001 like M$ said: https://technet.microsoft.com/en-us/library/cc816788%28v=ws.10%29.aspx [1] Not works. I've got anonymous binds enabled, using the instructions at http://www.petri.com/anonymous_ldap_operations_in_windows_2003_ad.htm [2]

But everyone should really think about if it's a good idea to allow
anonymous bind to AD. MS had a good reason to disable this already in
Server 2003 by default!

It's better to create an AD user, and use that one for the LDAP bind.


[3] http://www.donelsontrophy.com

More information about the samba mailing list