[Samba] Samba4 user enumeration
Rowland Penny
rpenny at samba.org
Thu Nov 25 09:24:47 UTC 2021
On Thu, 2021-11-25 at 10:05 +0100, Denis CARDON via samba wrote:
> Hi Sebastian,
>
> On 25/11/2021 at 09:15, Sebastian Mazur via samba wrote:
> > Hi
> >
> > It has recently been brought to my attention that you can list all
> > samba users anonymously via enum4linux from Kali distribution.
> >
> > I tried to disable this by GPO by enabling Network access: Do not
> > allow anonymous enumeration of SAM accounts and shares security
> > policy setting.
> >
> > With no effect.
> >
> > I use Samba in version 4.13.13 in Debian distribution.
> >
> > Is there any way to disable it?
>
> please take a look at
> https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_active_directory_higher_security_tips.html#turning-off-null-session-connections
>
> just add restrict anonymous = 2 to your smb.conf file.

Or better still, upgrade to AD

Rowland
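
Added example, not part of the original messages and not Samba's own code: a small audit check that reads an smb.conf and reports whether the effective [global] value of restrict anonymous is 2, the setting suggested in the thread. The function names and the sample configuration are constructed for illustration; the default of 0 and the name-matching rules (case and whitespace in parameter names are ignored) follow smb.conf(5).

```python
import re

# Constructed sample smb.conf (not from the thread): the setting is present
# but written with odd spacing and case, which Samba still accepts.
SAMPLE_CONF = """\
# global settings
[Global]
    workgroup = EXAMPLE
    ; restrict anonymous = 0
    Restrict  Anonymous = 2

[share]
    path = /srv/share
"""

DEFAULT_RESTRICT_ANONYMOUS = 0  # smb.conf(5) default when the parameter is unset


def _norm(name):
    """Samba ignores case and all whitespace in section and parameter names."""
    return re.sub(r"\s+", "", name).lower()


def global_params(conf_text):
    """Return the [global] parameters of an smb.conf as {normalised name: value}."""
    params, section, pending = {}, None, ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1]
            continue
        pending = ""
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)   # only the first '=' is significant
            params[_norm(name)] = value.strip()
    return params


def anonymous_enumeration_restricted(conf_text):
    """True only when the effective [global] value is 2, as advised in the thread."""
    value = global_params(conf_text).get("restrictanonymous", DEFAULT_RESTRICT_ANONYMOUS)
    return str(value).strip() == "2"
```

The check does not follow include directives; `testparm -s` shows the configuration Samba actually loads.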