On Sun, 18 Dec 2005 19:18:41 -0800 Andrew Bartlett <[EMAIL PROTECTED]> wrote:
> Samba3 (due to NT4 protocol limitations) doesn't support being a DC and > having > 'restrict anonymous = 2' set. Right, gotta stick with 1 then. Thanks for clearing it up. > It is the other way around. If you set 'restrict anonymous = 2', then > you cannot get to a share as a guest, even with 'guest ok = yes', as the > anonymous connection has already been denied. Makes sense... Still, the manpage (both in 3.0.14a-Debian and 3.0.20b) states the opposite. Let me dig up appropriate quotes: - in "guest ok" entry, line 1732: "this setting nullifies the benefits of setting restrict anonymous = 2" - in "restrict anonymous" entry, line 3963: "the security advantage of using restrict anonymous = 2 is removed by setting guest ok = yes on any share" Cheers, -- MS -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
