On Thu, 6 Mar 2003, unolinuxguru wrote: > I'm setting up a samba primary domain controller in Debian woody and the > users are logging into the domain fine and can access their shares. I > would like to restrict the listings of available shares to only > authenticated users of the samba domain. I know this works in a win NT4 > domain, how does one do it with samba? > > This is the listing I get from an nt4 pdc (belongs to a different domain > than this system 'WS-072') without supplying a username or password... > > [EMAIL PROTECTED]:/etc/samba# smbclient -L //nt4pdc > added interface ip=192.168.2.45 bcast=192.168.2.255 nmask=255.255.255.0 > Got a positive name query response from 192.168.2.5 ( 192.168.2.5 ) > Password: > Anonymous login successful > Domain=[HMS] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] > > Sharename Type Comment > --------- ---- ------- > Error returning browse list: NT_STATUS_ACCESS_DENIED > <snip> > > If I do supply a username (with the -U option) and the proper password, I > do get a listing of the available shares. > > Now if I try the same listing without a username or password on the samba > primary domain controller of the workgroup this system belongs too... I > should get the same "NT_STATUS_ACCESS_DENIED" for guest user share > listings, but I don't - it shows all of them. > > [EMAIL PROTECTED]:/etc/samba# smbclient -L //debianpdc > added interface ip=192.168.2.45 bcast=192.168.2.255 nmask=255.255.255.0 > Password: > Anonymous login successful > Domain=[LINUXTEST] OS=[Unix] Server=[Samba 2.2.3a-12 for Debian] > > Sharename Type Comment > --------- ---- ------- > tmp Disk temporary files > IPC$ IPC IPC Service (debianpdc server (Samba 2.2.3a-12 for Debian)) > ADMIN$ Disk IPC Service (debianpdc server (Samba 2.2.3a-12 for Debian)) > > > thoughts, suggestions, and of course solutions greatly appreciated. thanks.
If you want to prevent anonymous access to the IPC$ share then in your smb.conf [globals] put: restrict anonymous = Yes - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba