[Samba] Samba4 user enumeration

Denis CARDON dcardon at tranquil.it
Thu Nov 25 09:05:49 UTC 2021


Hi Sebastian,

On 25/11/2021 at 09:15, Sebastian Mazur via samba wrote:
> Hi
> 
> It has recently been brought to my attention that you can list all samba 
> users anonymously via enum4linux from Kali distribution.
> 
> I tried to disable this by GPO by enabling Network access: Do not allow 
> anonymous enumeration of SAM accounts and shares security policy setting.
> 
> With no effect.
> 
> I use Samba in version 4.13.13 in Debian distribution.
> 
> Is there any way to disable it?

Please take a look at
https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_active_directory_higher_security_tips.html#turning-off-null-session-connections

Just add restrict anonymous = 2 to your smb.conf file.

Cheers,

Denis

> 
> Thanks for help.
> 
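
Added example, not part of the original thread: a small Python audit that checks whether the [global] section of an smb.conf text sets restrict anonymous = 2, as suggested in the reply above. The function names and the two sample configurations are constructed for illustration; the parser does not follow include directives and assumes a later setting overrides an earlier one.

```python
import re

def _norm(name):
    # Parameter names in smb.conf are case- and whitespace-insensitive.
    return re.sub(r"\s+", "", name).lower()

def global_param(conf_text, wanted):
    """Return the value of a [global] parameter, or None if it is not set."""
    # Join lines that end in a backslash (smb.conf line continuation).
    text = re.sub(r"\\\r?\n", "", conf_text)
    section, value = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, _, val = line.partition("=")
            if _norm(key) == _norm(wanted):
                value = val.strip()          # assumption: last occurrence wins
    return value

def audit_restrict_anonymous(conf_text):
    """True only when [global] sets restrict anonymous = 2."""
    return global_param(conf_text, "restrict anonymous") == "2"

# Constructed sample configurations (not taken from the thread).
WEAK = """
[global]
    workgroup = EXAMPLE
    ; restrict anonymous = 2
[share]
    restrict anonymous = 2
"""
HARDENED = """
[global]
    workgroup = EXAMPLE
    Restrict  Anonymous = 2
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        ok = audit_restrict_anonymous(conf)
        print(label, "->", "ok" if ok else "restrict anonymous is not 2 in [global]")
```

The WEAK sample fails for two reasons a quick grep would miss: the line in [global] is commented out, and the uncommented one sits in a share section rather than in [global].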


