Re: NULL sessions - Listing shares anonymously - restrict anonymous
On Fri, 2002-11-15 at 19:40, Tim Potter wrote: > On Fri, Nov 15, 2002 at 07:32:06PM +1100, Andrew Bartlett wrote: > > > > In the Samba HEAD and 3.0 branches however the parameter behaves more > > > like the RestrictAnonymous registry setting. Only 'restrict anonymous = 1' > > > is currently supported though. > > > > I'm going to do some research, and figure out exactly what 'restrict > > anonymous = 2' does. If it denies all guest logins, then it is trivial > > to implement. > > I'm pretty sure that's what it does. It would be nice to implement it > in terms of security descriptors for the various rpc pipes. Actually, it allows the session setup, but denies the tree connect to IPC$. I'm about to commit a patch to this effect, but I wasn't sure about what behavior we should have: override all 'guest ok' settings for all shares allow guest access to these shares, which implies guest IPC access (because we allow IPC on all shares, not just IPC$ - at least that's my understanding) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Re: NULL sessions - Listing shares anonymously - restrict anonymous
Yannick Mercier wrote: : > Unfortunately, Ill have to back out to samba 2.2 because I'm using this > samba server as a PDC also, and when I logon with my WinXP workstation, > the PC reboots during "Loading desktop settings" > I guess its a bug in the alpha version of samba If the XP system reboots then there's a bug in XP. The fact that the alpha version of Samba excersizes the XP bug is something we will want to fix, but XP shouldn't be rebooting on error. Chris -)- -- Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]
Re: NULL sessions - Listing shares anonymously - restrict anonymous
On Fri, Nov 15, 2002 at 07:32:06PM +1100, Andrew Bartlett wrote: > > In the Samba HEAD and 3.0 branches however the parameter behaves more > > like the RestrictAnonymous registry setting. Only 'restrict anonymous = 1' > > is currently supported though. > > I'm going to do some research, and figure out exactly what 'restrict > anonymous = 2' does. If it denies all guest logins, then it is trivial > to implement. I'm pretty sure that's what it does. It would be nice to implement it in terms of security descriptors for the various rpc pipes. Tim.
Re: NULL sessions - Listing shares anonymously - restrict anonymous
I installed the samba-3.0alpha20 (latest I think) and "restrict anonymous = 1" works for denying the shares Listing from non-authentified users. As what Ive read, the restrict anonymous = 2 is not implemented yet, but when it will be, it is supposed to deny all rpc calls, which will be great Unfortunately, Ill have to back out to samba 2.2 because Im using this samba server as a PDC also, and when I logon with my WinXP workstation, the PC reboots during "Loading desktop settings" I guess its a bug in the alpha version of samba - I'm going to do some research, and figure out exactly what 'restrict anonymous = 2' does. If it denies all guest logins, then it is trivial to implement. Andrew Bartlett On Fri, 2002-11-15 at 15:08, Tim Potter wrote: > On Thu, Nov 14, 2002 at 08:50:47PM -0500, Yannick Mercier wrote: > > > I am running 2.2.5 and I would like to know if the > > "restrict anonymous" as been implemented correctly, as it was supposed > > to behave from the start, in order to deny > > ALL anonymous connections as stated in the man : > > "When restrict anonymous is yes, all anonymous connections are denied no > > matter what they are for." > > In the Samba 2.2 branch the 'restrict anonymous' parameter behaves as > per the manual page. It's broken and unlikely to be fixed. > > > Ive been reading some dev mailing lists and someone said that there would be > > 0, 1 , 2 as > > possible values to the "restrict anonymous" option, as it been done yet ? > > In the Samba HEAD and 3.0 branches however the parameter behaves more > like the RestrictAnonymous registry setting. Only 'restrict anonymous = 1' > is currently supported though.
Re: NULL sessions - Listing shares anonymously - restrict anonymous
On Fri, 2002-11-15 at 15:08, Tim Potter wrote: > On Thu, Nov 14, 2002 at 08:50:47PM -0500, Yannick Mercier wrote: > > > I am running 2.2.5 and I would like to know if the > > "restrict anonymous" as been implemented correctly, as it was supposed > > to behave from the start, in order to deny > > ALL anonymous connections as stated in the man : > > "When restrict anonymous is yes, all anonymous connections are denied no > > matter what they are for." > > In the Samba 2.2 branch the 'restrict anonymous' parameter behaves as > per the manual page. It's broken and unlikely to be fixed. > > > Ive been reading some dev mailing lists and someone said that there would be > > 0, 1 , 2 as > > possible values to the "restrict anonymous" option, as it been done yet ? > > In the Samba HEAD and 3.0 branches however the parameter behaves more > like the RestrictAnonymous registry setting. Only 'restrict anonymous = 1' > is currently supported though. I'm going to do some research, and figure out exactly what 'restrict anonymous = 2' does. If it denies all guest logins, then it is trivial to implement. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Re: NULL sessions - Listing shares anonymously - restrict anonymous
On Thu, Nov 14, 2002 at 08:50:47PM -0500, Yannick Mercier wrote: > I am running 2.2.5 and I would like to know if the > "restrict anonymous" as been implemented correctly, as it was supposed > to behave from the start, in order to deny > ALL anonymous connections as stated in the man : > "When restrict anonymous is yes, all anonymous connections are denied no > matter what they are for." In the Samba 2.2 branch the 'restrict anonymous' parameter behaves as per the manual page. It's broken and unlikely to be fixed. > Ive been reading some dev mailing lists and someone said that there would be > 0, 1 , 2 as > possible values to the "restrict anonymous" option, as it been done yet ? In the Samba HEAD and 3.0 branches however the parameter behaves more like the RestrictAnonymous registry setting. Only 'restrict anonymous = 1' is currently supported though. Tim.
NULL sessions - Listing shares anonymously - restrict anonymous
Hi, I am running 2.2.5 and I would like to know if the "restrict anonymous" as been implemented correctly, as it was supposed to behave from the start, in order to deny ALL anonymous connections as stated in the man : "When restrict anonymous is yes, all anonymous connections are denied no matter what they are for." Ive been reading some dev mailing lists and someone said that there would be 0, 1 , 2 as possible values to the "restrict anonymous" option, as it been done yet ? Yan