thr3ads.net - samba - [Samba] anonymous ldap search, how disable it? [Jul 2024]

If this information is useful, please help other people find it:
Share via:

Rowland Penny

2024-Jul-03 17:36 UTC

[Samba] anonymous ldap search, how disable it?

On Wed, 3 Jul 2024 21:52:39 +0500
Anton Shevtsov via samba <samba at lists.samba.org> wrote:
> Hi,
> 
> I tried ldap anonymous search in samba.
> 
> Downloaded kali linux, run
> 
> enum4linux -a my.dc.domain
> 
> and get all group, users, sids, rids... without any password o_O
I do not think you are using ldap there, unless you explicitly set
anonymous search in AD, you must supply a valid username & password, or
use kerberos.

Rowland

Kees van Vloten

2024-Jul-03 18:14 UTC

head link

[Samba] anonymous ldap search, how disable it?

On 03-07-2024 19:36, Rowland Penny via samba wrote:> On Wed, 3 Jul 2024 21:52:39 +0500
> Anton Shevtsov via samba <samba at lists.samba.org> wrote:
>
>> Hi,
>>
>> I tried ldap anonymous search in samba.
>>
>> Downloaded kali linux, run
>>
>> enum4linux -a my.dc.domain
>>
>> and get all group, users, sids, rids... without any password o_O
> I do not think you are using ldap there, unless you explicitly set
> anonymous search in AD, you must supply a valid username & password, or
> use kerberos.set dsheuristics: 0000002

This means anonymous ldap is enabled.

I used it for a while, you also have to set dsacls on the objects you 
want to allow in anonymous queries.

- Kees.
>
> Rowland
>

Seemingly Similar Threads

Search for more possibly parallel threads

samba - Jul 2024 - anonymous ldap search, how disable it?

[Samba] anonymous ldap search, how disable it?

[Samba] anonymous ldap search, how disable it?

Seemingly Similar Threads