On Mon, 2004-03-08 at 02:51, fire-eyes wrote:
I'm runninng samba 3.0.2a on a few machines, ADS security mode, domain member roles. I throw nessus at it, and it can fetch the SID and then list all of the users on the system.
I view this as a security problem, is there a way to prevent this?
Firstly, nessus is a bit over-the-top at times. That said, you may run Samba in 'restrict anonymous' mode by setting the smb.conf parameter.
'restrict anonymous = 2' will keep nessus at bay, but also break any network browsing function your machine may be playing. You cannot set this on a PDC. See the manpage the and MS knowlege base articles mentioned in it.
Andrew Bartlett
Setting it to 2 did exactly what I was looking for, thanks. Thanfully it isn't a PDC.
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
