thr3ads.net - samba - [Samba] anonymous ldap search, how disable it? [Jul 2024]

If this information is useful, please help other people find it:
Share via:

Anton Shevtsov

2024-Jul-04 05:22 UTC

[Samba] anonymous ldap search, how disable it?

03.07.2024 23:14, Kees van Vloten via samba ?????:>
> On 03-07-2024 19:36, Rowland Penny via samba wrote:
>> On Wed, 3 Jul 2024 21:52:39 +0500
>> Anton Shevtsov via samba <samba at lists.samba.org> wrote:
>>
>>> Hi,
>>>
>>> I tried ldap anonymous search in samba.
>>>
>>> Downloaded kali linux, run
>>>
>>> enum4linux -a my.dc.domain
>>>
>>> and get all group, users, sids, rids... without any password o_O
>> I do not think you are using ldap there, unless you explicitly set
>> anonymous search in AD, you must supply a valid username &
password, or
>> use kerberos.
> set dsheuristics: 0000002
>
> This means anonymous ldap is enabled.
>
> I used it for a while, you also have to set dsacls on the objects you 
> want to allow in anonymous queries.
I set 0 (and 0000000) - but anonymous access dont disabled

Also, tried on MS AD - work fine - user, groups - not? available


>
> - Kees.
>
>>
>> Rowland
>>
>-- 
basealt logo *?????? ????? ???????*
/??????? ?????????? ?????? ???????????? ????????/
??? ??????? ???
????????? : +79222651692
telegram : @anton_shevtsov

Joachim Lindenberg

2024-Jul-04 05:38 UTC

head link

[Samba] anonymous ldap search, how disable it?

Afaik or understand, enum4linux uses samba-tool
(https://www.kali.org/tools/enum4linux/) and not ldap. Did you try enum4linux on
a member (probably after some authentication) or some other non-member linux?
Regards,
Joachim

Apparently Analagous Threads

Search for more seemingly similar threads

samba - Jul 2024 - anonymous ldap search, how disable it?

[Samba] anonymous ldap search, how disable it?

[Samba] anonymous ldap search, how disable it?

Apparently Analagous Threads