[Samba] Samba4 user enumeration

Denis CARDON dcardon at tranquil.it
Thu Nov 25 09:32:05 UTC 2021



On 25/11/2021 at 10:24, Rowland Penny via samba wrote:
> On Thu, 2021-11-25 at 10:05 +0100, Denis CARDON via samba wrote:
>> Hi Sebastian,
>>
>> On 25/11/2021 at 09:15, Sebastian Mazur via samba wrote:
>>> Hi
>>>
>>> It has recently been brought to my attention that you can list all
>>> samba users anonymously via enum4linux from Kali distribution.
>>>
>>> I tried to disable this by GPO by enabling the "Network access: Do not
>>> allow anonymous enumeration of SAM accounts and shares" security
>>> policy setting.
>>>
>>> With no effect.
>>>
>>> I use Samba in version 4.13.13 in Debian distribution.
>>>
>>> Is there any way to disable it?
>>
>> please take a look at
>> https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_active_directory_higher_security_tips.html#turning-off-null-session-connections
>>
>> just add restrict anonymous = 2 to your smb.conf file.
> 
> Or better still, upgrade to AD

Anonymous enumeration still works on Samba-AD 4.14 *by default*. I have
not checked if the default has changed on 4.15.

Denis

> 
> Rowland
> 
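Added example, not code from the thread or from the Samba project: a small POSIX shell audit for the `restrict anonymous` global parameter the thread recommends, run over two constructed smb.conf fragments, the weak default beside the corrected one. The parameter name and its default of 0 are taken from smb.conf(5); the function names and sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread: audit an smb.conf for the
# "restrict anonymous" global parameter discussed above. Samba's documented
# default is 0 (anonymous IPC$ connections and SAM/LSA lookups allowed);
# the thread's recommendation is 2. Assumption: the config path is passed
# as the first argument; the sample files below are constructed.

# Return 0 if [global] sets "restrict anonymous" to 2 or higher, 1 otherwise.
restrict_anonymous_ok() {
    conf="$1"
    # awk: track whether we are inside [global], skip ; and # comment lines,
    # and take the last "restrict anonymous = N" seen (later entries win).
    # A copy of the parameter in a share section is ignored, as Samba does.
    val=$(awk '
        /^[ \t]*\[/ { in_global = (tolower($0) ~ /^[ \t]*\[global\][ \t]*$/) }
        in_global && !/^[ \t]*[;#]/ && tolower($0) ~ /^[ \t]*restrict[ \t]+anonymous[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); v = $0
        }
        END { print (v == "" ? "0" : v) }' "$conf")
    [ "$val" -ge 2 ] 2>/dev/null
}

# Write a constructed smb.conf fragment to a temp file and report on it.
demo() {
    tmp=$(mktemp)
    printf '%s\n' "$2" > "$tmp"
    if restrict_anonymous_ok "$tmp"; then
        echo "$1: OK (restrict anonymous >= 2)"
    else
        echo "$1: WEAK (anonymous enumeration not restricted)"
    fi
    rm -f "$tmp"
}

# Weak: the default; as the thread says, anonymous enumeration works out of the box.
demo "default" '[global]
    workgroup = EXAMPLE
    server role = active directory domain controller'

# Corrected: the one line the thread suggests adding to [global].
demo "hardened" '[global]
    workgroup = EXAMPLE
    server role = active directory domain controller
    restrict anonymous = 2'
```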