smbdotconf: mark "username map script" with substitution="1"
1 <samba:parameter name="restrict anonymous"
2                  type="integer"
3                  context="G"
4                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
5 <description>
6         <para>
7                 The setting of this parameter determines whether SAMR and LSA
8                 DCERPC services can be accessed anonymously. This corresponds
9                 to the following Windows Server registry option:
10         </para>
11
12         <programlisting>
13                 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous
14         </programlisting>
15
16         <para>
17                 The option also affects the browse option, which is required by
18                 legacy clients that rely on NetBIOS browsing. While modern
19                 Windows versions should be fine with restricted access,
20                 there could still be applications that rely on anonymous access.
21         </para>
22
23         <para>
24                 The default value of 0 places no restriction on anonymous access. Setting <smbconfoption name="restrict anonymous">1</smbconfoption>
25                 will disable anonymous SAMR access.
26         </para>
27
28         <para>
29                 Setting <smbconfoption name="restrict anonymous">2</smbconfoption>
30                 will, in addition to restricting SAMR access, disallow anonymous
31                 connections to the IPC$ share in general.
32                 However, setting <smbconfoption name="guest ok">yes</smbconfoption> on any share
33                 will remove the security advantage of this setting.
34         </para>
35 </description>
36
37 <value type="default">0</value>
38 </samba:parameter>