M Maki wrote: > > I have a couple of Samba (2.0.7 & 2.2.0) servers I scanned with Nessus and > they reported a security hole of "Possible to login to the remote host using > a NULL session" I have a couple of NT servers I disabled with a registry > edit. Is there a way to prevent this on the Samba servers or is it evan a > valid issue?
Samba HEAD starts to add some of this, but the manpage is compleatly inaccurate... Set 'restrict anonymous = 1' should get you the start. I'm looking into how to best implement 'restrict anonymous = 2'. In the meantime, if you set 'auth methods = sam' (for standalone servers) then it will skip the 'guest' module, and deny all anonymous connections. However, this will break browsing and other services. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
