summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2002-11-22 02:40:21 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-11-22 02:40:21 +0000
commita75f1ba9d4b314f793bf7877f329dc420546c4b0 (patch)
tree56878021361ee5b9e3e282d0aacaab64fef05b2e /docs
parentabc32ea8506c4d586ef383c7f562ed12f7932ffd (diff)
downloadsamba-a75f1ba9d4b314f793bf7877f329dc420546c4b0.tar.gz
samba-a75f1ba9d4b314f793bf7877f329dc420546c4b0.tar.bz2
samba-a75f1ba9d4b314f793bf7877f329dc420546c4b0.zip
Add support for 'restrict anonymous=2' and make the doco give a slight hint
as to what it now does in 3.0. Needs more work, but better than documenting the old functionality :-). As the security benifits of this are nullified by a setting of 'guest ok' on any share, we might want to put some documentation there too. Andrew Bartlett (This used to be commit ab812ada56b740ac986de8e1f4ca36641ec61c01)
Diffstat (limited to 'docs')
-rw-r--r--docs/docbook/manpages/smb.conf.5.sgml30
1 files changed, 6 insertions, 24 deletions
diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml
index 8452e97329..6ed870ed3e 100644
--- a/docs/docbook/manpages/smb.conf.5.sgml
+++ b/docs/docbook/manpages/smb.conf.5.sgml
@@ -6544,30 +6544,12 @@
<varlistentry>
<term><anchor id="RESTRICTANONYMOUS">restrict anonymous (G)</term>
- <listitem><para>This is a boolean parameter. If it is <constant>yes</constant>, then
- anonymous access to the server will be restricted, namely in the
- case where the server is expecting the client to send a username,
- but it doesn't. Setting it to <constant>yes</constant> will force these anonymous
- connections to be denied, and the client will be required to always
- supply a username and password when connecting. Use of this parameter
- is only recommended for homogeneous NT client environments.</para>
-
- <para>This parameter makes the use of macro expansions that rely
- on the username (%U, %G, etc) consistent. NT 4.0
- likes to use anonymous connections when refreshing the share list,
- and this is a way to work around that.</para>
-
- <para>When restrict anonymous is <constant>yes</constant>, all anonymous connections
- are denied no matter what they are for. This can effect the ability
- of a machine to access the Samba Primary Domain Controller to revalidate
- its machine account after someone else has logged on the client
- interactively. The NT client will display a message saying that
- the machine's account in the domain doesn't exist or the password is
- bad. The best way to deal with this is to reboot NT client machines
- between interactive logons, using "Shutdown and Restart", rather
- than "Close all programs and logon as a different user".</para>
-
- <para>Default: <command>restrict anonymous = no</command></para>
+ <listitem><para>This is a integer parameter, and
+ mirrors as much as possible the functinality the
+ <constant>RestrictAnonymous</constant>
+ registry key does on NT/Win2k.
+
+ <para>Default: <command>restrict anonymous = 0</command></para>
</listitem>
</varlistentry>