| Line | |
|---|
| 1 | <samba:parameter name="restrict anonymous"
|
|---|
| 2 | type="integer"
|
|---|
| 3 | context="G"
|
|---|
| 4 | advanced="1" developer="1"
|
|---|
| 5 | xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|---|
| 6 | <description>
|
|---|
| 7 | <para>The setting of this parameter determines whether user and
|
|---|
| 8 | group list information is returned for an anonymous connection.
|
|---|
| 9 | and mirrors the effects of the
|
|---|
| 10 | <programlisting>
|
|---|
| 11 | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
|
|---|
| 12 | Control\LSA\RestrictAnonymous
|
|---|
| 13 | </programlisting>
|
|---|
| 14 | registry key in Windows 2000 and Windows NT. When set to 0, user
|
|---|
| 15 | and group list information is returned to anyone who asks. When set
|
|---|
| 16 | to 1, only an authenticated user can retrive user and
|
|---|
| 17 | group list information. For the value 2, supported by
|
|---|
| 18 | Windows 2000/XP and Samba, no anonymous connections are allowed at
|
|---|
| 19 | all. This can break third party and Microsoft
|
|---|
| 20 | applications which expect to be allowed to perform
|
|---|
| 21 | operations anonymously.</para>
|
|---|
| 22 |
|
|---|
| 23 | <para>
|
|---|
| 24 | The security advantage of using restrict anonymous = 1 is dubious,
|
|---|
| 25 | as user and group list information can be obtained using other
|
|---|
| 26 | means.
|
|---|
| 27 | </para>
|
|---|
| 28 |
|
|---|
| 29 | <note>
|
|---|
| 30 | <para>
|
|---|
| 31 | The security advantage of using restrict anonymous = 2 is removed
|
|---|
| 32 | by setting <smbconfoption name="guest ok">yes</smbconfoption> on any share.
|
|---|
| 33 | </para>
|
|---|
| 34 | </note>
|
|---|
| 35 | </description>
|
|---|
| 36 |
|
|---|
| 37 | <value type="default">0</value>
|
|---|
| 38 | </samba:parameter>
|
|---|
Note:
See
TracBrowser
for help on using the repository browser.
