[Samba] anonymous ldap search, how disable it?
Anton Shevtsov
shevtsovay at basealt.ru
Wed Jul 3 16:52:39 UTC 2024
Hi,
I tried ldap anonymous search in samba.
Downloaded kali linux, run
enum4linux -a my.dc.domain
and get all group, users, sids, rids... without any password o_O
Go to
https://wiki.samba.org/index.php/FAQ#Does_the_Samba_Internal_LDAP_Server_Supports_Anonymous_Searches?
and run
samba-tool forest directory_service dsheuristics 0000000
set dsheuristics: 0000000
then tin again
enum4linux -a my.dc.domain
and got all the data (users, groups,...)anonymous ldap search again
set dsheuristics to 0000002
samba-tool forest directory_service dsheuristics 0000000
set dsheuristics: 0000002
but nothing has changed.. :(
How disable ?
--
*Anton*
More information about the samba
mailing list