On Wed, 2005-12-21 at 17:49 +1100, Andrew Bartlett wrote:
> On Tue, 2005-12-20 at 23:46 +0100, Marek Szuba wrote:
> > On Sun, 18 Dec 2005 19:18:41 -0800
> > Andrew Bartlett <[EMAIL PROTECTED]> wrote:
> >
> > > Samba3 (due to NT4 protocol limitations) doesn't support being a DC and
> > > having 'restrict anonymous = 2' set.
> > Right, gotta stick with 1 then. Thanks for clearing it up.
>
> Some things might break with restrict anonymous = 1. Test carefully.
>
> > > It is the other way around. If you set 'restrict anonymous = 2', then
> > > you cannot get to a share as a guest, even with 'guest ok = yes', as the
> > > anonymous connection has already been denied.
> > Makes sense... Still, the manpage (both in 3.0.14a-Debian and 3.0.20b)
> > states the opposite. Let me dig up appropriate quotes:
> > - in "guest ok" entry, line 1732: "this setting nullifies the benefits
> > of setting restrict anonymous = 2"
> > - in "restrict anonymous" entry, line 3963: "the security advantage of
> > using restrict anonymous = 2 is removed by setting guest ok = yes on
> > any share"
>
> I'll ponder. I remember writing those words...

I got confused which way around the tests were performed. The manpage is correct, it is done at share connect time.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
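A small smb.conf check for the two interactions discussed in this thread, added here as an example (it is not code from the thread or from the Samba project): it reports shares whose `guest ok = yes` undoes `restrict anonymous = 2`, and the DC case mentioned above. Treating `domain logons = yes` as the marker of a Samba3 DC is an assumption of this example, and the sample configuration is constructed.

```python
TRUE = {"yes", "true", "on", "1"}  # boolean spellings smb.conf accepts

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lowercased, inner spaces dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            current["".join(name.lower().split())] = value.strip()
    return sections

def guest_ok(params, fallback="no"):
    # "public" is a synonym for "guest ok"
    return params.get("guestok", params.get("public", fallback))

def audit(text):
    """List (section, message) findings that apply when restrict anonymous = 2."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    if glob.get("restrictanonymous", "0") != "2":
        return findings
    # Assumption of this example: "domain logons = yes" marks a Samba3 DC.
    if glob.get("domainlogons", "no").lower() in TRUE:
        findings.append(("global", "restrict anonymous = 2 set on a DC"))
    default_guest = guest_ok(glob)
    for name, params in conf.items():
        if name != "global" and guest_ok(params, default_guest).lower() in TRUE:
            findings.append((name, "guest ok = yes removes the advantage of "
                                   "restrict anonymous = 2"))
    return findings

# Constructed sample configuration, not taken from the thread.
SAMPLE = """
[global]
   restrict anonymous = 2
   domain logons = yes
[scans]
   path = /srv/scans
   guest ok = yes
[homes]
   guest ok = no
"""

if __name__ == "__main__":
    for section, message in audit(SAMPLE):
        print(f"[{section}] {message}")
```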