On Tue, 2005-12-20 at 23:46 +0100, Marek Szuba wrote: > On Sun, 18 Dec 2005 19:18:41 -0800 > Andrew Bartlett <[EMAIL PROTECTED]> wrote: > > > Samba3 (due to NT4 protocol limitations) doesn't support being a DC and > > having > 'restrict anonymous = 2' set. > Right, gotta stick with 1 then. Thanks for clearing it up.
Some things might break with restrict anonymous = 1. Test carefully. > > It is the other way around. If you set 'restrict anonymous = 2', then > > you cannot get to a share as a guest, even with 'guest ok = yes', as the > > anonymous connection has already been denied. > Makes sense... Still, the manpage (both in 3.0.14a-Debian and 3.0.20b) > states the opposite. Let me dig up appropriate quotes: > - in "guest ok" entry, line 1732: "this setting nullifies the benefits > of setting restrict anonymous = 2" > - in "restrict anonymous" entry, line 3963: "the security advantage of > using restrict anonymous = 2 is removed by setting guest ok = yes on > any share" I'll ponder. I remember writing those words... Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
