thr3ads.net - samba - [Samba] anonymous ldap search, how disable it? [Jul 2024]

If this information is useful, please help other people find it:
Share via:

Anton Shevtsov

2024-Jul-03 16:52 UTC

[Samba] anonymous ldap search, how disable it?

Hi,

I tried ldap anonymous search in samba.

Downloaded kali linux, run

enum4linux -a my.dc.domain

and get all group, users, sids, rids... without any password o_O

Go to 
https://wiki.samba.org/index.php/FAQ#Does_the_Samba_Internal_LDAP_Server_Supports_Anonymous_Searches?

and run

samba-tool forest? directory_service dsheuristics 0000000
set dsheuristics: 0000000

then tin again

enum4linux -a my.dc.domain

and got all the data (users, groups,...)anonymous ldap search again

set dsheuristics to 0000002

samba-tool forest directory_service dsheuristics 0000000
set dsheuristics: 0000002

but nothing has changed.. :(

How disable ?

-- 
*Anton*

Rowland Penny

2024-Jul-03 17:36 UTC

head link

[Samba] anonymous ldap search, how disable it?

On Wed, 3 Jul 2024 21:52:39 +0500
Anton Shevtsov via samba <samba at lists.samba.org> wrote:
> Hi,
> 
> I tried ldap anonymous search in samba.
> 
> Downloaded kali linux, run
> 
> enum4linux -a my.dc.domain
> 
> and get all group, users, sids, rids... without any password o_O
I do not think you are using ldap there, unless you explicitly set
anonymous search in AD, you must supply a valid username & password, or
use kerberos.

Rowland

Douglas Bagnall

2024-Jul-05 00:54 UTC

head link

[Samba] anonymous ldap search, how disable it?

On 4/07/24 04:52, Anton Shevtsov via samba wrote:
> How disable ?
Does

      restrict anonymous = 2

in smb.conf help?


cheers,
Douglas

samba - Jul 2024 - anonymous ldap search, how disable it?

[Samba] anonymous ldap search, how disable it?

[Samba] anonymous ldap search, how disable it?

[Samba] anonymous ldap search, how disable it?