On Fri, 2002-11-15 at 19:40, Tim Potter wrote: > On Fri, Nov 15, 2002 at 07:32:06PM +1100, Andrew Bartlett wrote: > > > > In the Samba HEAD and 3.0 branches however the parameter behaves more > > > like the RestrictAnonymous registry setting. Only 'restrict anonymous = 1' > > > is currently supported though. > > > > I'm going to do some research, and figure out exactly what 'restrict > > anonymous = 2' does. If it denies all guest logins, then it is trivial > > to implement. > > I'm pretty sure that's what it does. It would be nice to implement it > in terms of security descriptors for the various rpc pipes.
Actually, it allows the session setup, but denies the tree connect to IPC$. I'm about to commit a patch to this effect, but I wasn't sure about what behavior we should have: override all 'guest ok' settings for all shares allow guest access to these shares, which implies guest IPC access (because we allow IPC on all shares, not just IPC$ - at least that's my understanding) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part