2004-04-07 10:15:11 +00:00
<samba:parameter name= "restrict anonymous"
type="integer"
context="G"
advanced="1" developer="1"
2005-03-12 22:41:20 +00:00
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
2004-04-07 10:15:11 +00:00
<description >
<para > The setting of this parameter determines whether user and
group list information is returned for an anonymous connection.
and mirrors the effects of the
2005-08-25 16:49:40 +00:00
<programlisting >
2007-06-28 22:15:11 +00:00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Control\LSA\RestrictAnonymous
2005-08-25 16:49:40 +00:00
</programlisting>
2005-07-06 04:05:49 +00:00
registry key in Windows 2000 and Windows NT. When set to 0, user
and group list information is returned to anyone who asks. When set
2004-04-07 10:15:11 +00:00
to 1, only an authenticated user can retrive user and
group list information. For the value 2, supported by
Windows 2000/XP and Samba, no anonymous connections are allowed at
all. This can break third party and Microsoft
applications which expect to be allowed to perform
operations anonymously.</para>
<para >
The security advantage of using restrict anonymous = 1 is dubious,
as user and group list information can be obtained using other
means.
</para>
<note >
<para >
The security advantage of using restrict anonymous = 2 is removed
2005-07-06 21:23:58 +00:00
by setting <smbconfoption name= "guest ok" > yes</smbconfoption> on any share.
2004-04-07 10:15:11 +00:00
</para>
</note>
</description>
<value type= "default" > 0</value>
</samba:parameter>
