[Samba] Samba4 user enumeration
dcardon at tranquil.it
Thu Nov 25 09:32:05 UTC 2021
On 25/11/2021 at 10:24, Rowland Penny via samba wrote:
> On Thu, 2021-11-25 at 10:05 +0100, Denis CARDON via samba wrote:
>> Hi Sebastian,
>> On 25/11/2021 at 09:15, Sebastian Mazur via samba wrote:
>>> It has recently been brought to my attention that you can list all
>>> users anonymously via enum4linux from Kali distribution.
>>> I tried to disable this by GPO by enabling Network access: Do not
>>> allow anonymous enumeration of SAM accounts and shares security policy
>>> With no effect.
>>> I use Samba in version 4.13.13 in Debian distribution.
>>> Is there any way to disable it?
>> please take a look at
>> just add restrict anonymous = 2 to your smb.conf file.
> Or better still, upgrade to AD
anonymous enumeration still works on Samba-AD 4.14 *by default*. I have
not checked if the default has changed on 4.15.
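
An added example, not part of the original thread: a small audit that reads an smb.conf and reports whether `restrict anonymous = 2`, the setting suggested above, is actually in effect in `[global]`. It assumes a simplified parser (no `include` handling), that parameter names match regardless of case and spacing, and the documented default of 0; the sample configuration and function names are constructed for illustration.

```python
import re

# Constructed sample smb.conf (not taken from the thread).
SAMPLE_CONF = """\
[global]
    workgroup = EXAMPLE
    ; restrict anonymous = 2   (commented out, has no effect)
    Restrict  Anonymous = 2
[share]
    path = /srv/share
"""

def _norm(name):
    # Assumption: names are compared ignoring case and whitespace.
    return re.sub(r"\s+", "", name).lower()

def restrict_anonymous(conf_text):
    """Return the effective [global] 'restrict anonymous' value (default 0)."""
    value, section, pending = 0, None, ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):           # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":   # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
            continue
        if section == "global" and "=" in line:
            key, val = line.split("=", 1)
            if _norm(key) == "restrictanonymous":
                try:
                    value = int(val.strip())   # a later occurrence overrides
                except ValueError:
                    pass                       # unparsable value: keep previous
    return value

def audit(conf_text):
    """Return (level, verdict) for the setting discussed in the thread."""
    level = restrict_anonymous(conf_text)
    verdict = "ok" if level == 2 else "restrict anonymous is not set to 2"
    return level, verdict

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```
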