[Samba] samba 4.2.1 RDP && restrict anonymous = 2 problem
Rowland Penny
rowlandpenny at googlemail.com
Fri May 8 12:36:23 MDT 2015
On 08/05/15 18:51, barış tombul wrote:
> RDP working configuration:
>
> restrict anonymous = 0
> auth methods = sam winbind
> server services = winbindd, s3fs, rpc, nbt, wrepl, cldap, ldap,
> kdc, drepl, ntp_signd, kcc, dnsupdate
> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6,
> backupkey, dnsserver, remote, winreg, srvsvc
>
>
> RDP working configuration but not the new client and join
>
>
> restrict anonymous = 2
> auth methods = sam winbind
> server services = winbindd, s3fs, rpc, nbt, wrepl, cldap, ldap,
> kdc, drepl, ntp_signd, kcc, dnsupdate
> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6,
> backupkey, dnsserver, remote, winreg, srvsvc
OK, why are you setting it to 2? If you read 'man smb.page', you will
find this:
This can break third party and Microsoft applications which expect to be
allowed to perform operations anonymously.
There is also this:
The security advantage of using restrict anonymous = 2 is removed by
setting guest ok = yes on any share.
Also, if you were to do a bit of searching, you may find this:
https://technet.microsoft.com/en-us/library/cc963223.aspx
Where it says this:
Do not set the value of this entry to 2 in mixed-mode environments. Only
consider setting it to 2 in environments running only Windows 2000, and
only after verifying that appropriate service levels and program
function are maintained.
You don't get much more mixed-mode than samba4 :-D
Bottom line, remove the line and it will revert to the default '0'
Rowland
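
An added example, not part of the original message: a small audit of smb.conf text for the two man-page caveats quoted in the reply above. The sample configuration, the share names and the function names are constructed for illustration.

```python
# Added example: audit smb.conf text for the two man-page caveats quoted above.
SAMPLE_CONF = """\
# constructed sample, not the poster's real file
[global]
    restrict anonymous = 2
    auth methods = sam winbind
[scans]
    path = /srv/scans
    Guest OK = yes
[staff]
    path = /srv/staff
    public = no
"""
TRUE_VALUES = {"yes", "true", "1"}  # boolean spellings listed in smb.conf(5)

def norm(name):
    # smb.conf parameter names are case-insensitive and ignore whitespace
    return "".join(name.split()).lower()

def parse_smb_conf(text):
    """Return {section: {normalized parameter: value}}."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):  # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[norm(key)] = value.strip()
    return sections

def audit(text):
    """Return (restrict anonymous level, guest shares, findings)."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    level = glob.get("restrictanonymous", "0")  # unset means the default, 0
    def guest_ok(params):  # "public" is a synonym for "guest ok"
        value = params.get("guestok", params.get("public",
                glob.get("guestok", glob.get("public", "no"))))
        return value.lower() in TRUE_VALUES
    guests = sorted(s for s, p in conf.items() if s != "global" and guest_ok(p))
    findings = []
    if level == "2":
        findings.append("restrict anonymous = 2 can break anonymous operations")
        if guests:
            findings.append("guest ok = yes removes its benefit: " + ", ".join(guests))
    return level, guests, findings
```

Calling audit(SAMPLE_CONF) reports level 2 together with the guest share that cancels it; a file with no 'restrict anonymous' line reports the default 0 and no findings.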