[Samba] anonymous ldap search, how disable it?
Rowland Penny
rpenny at samba.org
Fri Jul 5 07:46:21 UTC 2024
On Fri, 5 Jul 2024 10:21:50 +1200
Douglas Bagnall via samba <samba at lists.samba.org> wrote:
> On 4/07/24 17:38, Joachim Lindenberg via samba wrote:
> > Afaik or understand, enum4linux uses samba-tool
> > (https://www.kali.org/tools/enum4linux/) and not ldap. Did you try
> > enum4linux on a member (probably after some authentication) or some
> > other non-member linux?
>
> I don't think that is quite the right distinction, because samba-tool
> would probably use ldap for this.
>
> Also, I see ldapsearch at
> https://gitlab.com/kalilinux/packages/enum4linux/-/blob/kali/master/enum4linux.pl?ref_type=heads#L413
>
> However, the enum_groups and enum_dom_groups functions use Sambas's
> rpcclient and net.
>
> e.g.
> https://gitlab.com/kalilinux/packages/enum4linux/-/blob/kali/master/enum4linux.pl?ref_type=heads#L566
>
> I haven't looked closely, but I feel like I should.
I wouldn't bother, this perl script is old and best forgotten, a lot of
it seems to rely on SMBv1, 'nmblookup' for instance. It also seems to
only use ldap directly if the '-l' switch is used.
Rowland
More information about the samba
mailing list