Hi, I tried ldap anonymous search in samba. Downloaded kali linux, run enum4linux -a my.dc.domain and get all group, users, sids, rids... without any password o_O Go to https://wiki.samba.org/index.php/FAQ#Does_the_Samba_Internal_LDAP_Server_Supports_Anonymous_Searches? and run samba-tool forest? directory_service dsheuristics 0000000 set dsheuristics: 0000000 then tin again enum4linux -a my.dc.domain and got all the data (users, groups,...)anonymous ldap search again set dsheuristics to 0000002 samba-tool forest directory_service dsheuristics 0000000 set dsheuristics: 0000002 but nothing has changed.. :( How disable ? -- *Anton*
On Wed, 3 Jul 2024 21:52:39 +0500 Anton Shevtsov via samba <samba at lists.samba.org> wrote:> Hi, > > I tried ldap anonymous search in samba. > > Downloaded kali linux, run > > enum4linux -a my.dc.domain > > and get all group, users, sids, rids... without any password o_OI do not think you are using ldap there, unless you explicitly set anonymous search in AD, you must supply a valid username & password, or use kerberos. Rowland