[Samba] samba 4.2.1 RDP && restrict anonymous = 2 problem
Rowland Penny
rowlandpenny at googlemail.com
Fri May 8 12:38:01 MDT 2015
On 08/05/15 19:36, Rowland Penny wrote:
> On 08/05/15 18:51, barış tombul wrote:
>> RDP working configuration:
>>
>> restrict anonymous = 0
>> auth methods = sam winbind
>> server services = winbindd, s3fs, rpc, nbt, wrepl, cldap, ldap,
>> kdc, drepl, ntp_signd, kcc, dnsupdate
>> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
>> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
>> eventlog6,
>> backupkey, dnsserver, remote, winreg, srvsvc
>>
>>
>> RDP working configuration but not the new client and join
>>
>>
>> restrict anonymous = 2
>> auth methods = sam winbind
>> server services = winbindd, s3fs, rpc, nbt, wrepl, cldap, ldap,
>> kdc, drepl, ntp_signd, kcc, dnsupdate
>> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
>> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
>> eventlog6,
>> backupkey, dnsserver, remote, winreg, srvsvc
>
> OK, why are you setting it to 2? If you read 'man smb.page', you
> will find this:
>
> This can break third party and Microsoft applications which expect to
> be allowed to perform operations anonymously.
>
> There is also this:
>
> The security advantage of using restrict anonymous = 2 is removed by
> setting guest ok = yes on any share.
>
> Also if you were to do a bit of searching, you may find this:
>
> https://technet.microsoft.com/en-us/library/cc963223.aspx
>
> Where it says this:
>
> Do not set the value of this entry to 2 in mixed-mode environments.
> Only consider setting it to 2 in environments running only Windows
> 2000, and only after verifying that appropriate service levels and
> program function are maintained.
>
> You don't get much more mixed-mode than samba4 :-D
>
> Bottom line, remove the line and it will revert to the default '0'
>
> Rowland
>
OOPS, that should have been 'man smb.conf' :-[
Rowland
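
The smb.conf man page text quoted in this message says that guest ok = yes on any share removes the security advantage of restrict anonymous = 2. The following is an added example, not part of the original thread and not Samba project code: a small Python audit that flags that combination. The sample configuration and its share names are constructed, and `include` files are not followed.

```python
import re

TRUE = {"yes", "true", "1", "on"}     # spellings treated as boolean true
ALIASES = {"public": "guestok"}       # 'public' is a synonym of 'guest ok'

def norm(name):  # smb.conf ignores case and whitespace in parameter names
    key = re.sub(r"\s+", "", name).lower()
    return ALIASES.get(key, key)

def parse_smb_conf(text):
    """Return {section: {param: value}}, joining '\\' continuation lines."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        stripped = raw.strip()
        if not pending and (not stripped or stripped[0] in "#;"):
            continue                  # blank line or comment
        line, pending = pending + stripped, ""
        if line.endswith("\\"):
            pending = line[:-1]       # keep text, wait for the next line
            continue
        if m := re.fullmatch(r"\[(.+)\]", line):
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[norm(key)] = value.strip()
    return sections

def audit(text):
    """Shares whose guest access undoes 'restrict anonymous = 2'."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    if glob.get("restrictanonymous", "0") != "2":
        return []
    default = glob.get("guestok", "no")   # [global] sets the share default
    return sorted(s for s, p in conf.items() if s != "global"
                  and p.get("guestok", default).lower() in TRUE)

# Constructed sample configuration (share names are made up).
SAMPLE = r"""
[global]
    restrict anonymous = 2
    server services = winbindd, s3fs, rpc, \
        nbt, ldap
[scans]
    Public = Yes
[docs]
    guest ok = no
"""
print(audit(SAMPLE))
```

Running `audit()` over the output of `testparm -s` instead of the raw file checks the configuration as Samba itself parsed it.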