summaryrefslogtreecommitdiff
path: root/docs/docbook/smbdotconf/security
diff options
context:
space:
mode:
Diffstat (limited to 'docs/docbook/smbdotconf/security')
-rw-r--r--docs/docbook/smbdotconf/security/restrictanonymous.xml11
1 files changed, 9 insertions, 2 deletions
diff --git a/docs/docbook/smbdotconf/security/restrictanonymous.xml b/docs/docbook/smbdotconf/security/restrictanonymous.xml
index 3bd19833de..803bc06b2b 100644
--- a/docs/docbook/smbdotconf/security/restrictanonymous.xml
+++ b/docs/docbook/smbdotconf/security/restrictanonymous.xml
@@ -10,8 +10,15 @@
2000 and Windows NT. When set to 0, user and group list
information is returned to anyone who asks. When set
to 1, only an authenticated user can retrive user and
- group list information. The value 2, supported by
- Windows 2000 and higher, is not supported by Samba.
+ group list information. For the value 2, supported by
+ Windows 2000/XP and Samba, no anonymous connections are allowed at
+ all. This can break third party and Microsoft
+ applications which expect to be allowed to perform
+ operations anonymously.
+
+ The security advantage of using restrict anonymous = 1 is dubious,
+ as user and group list information can be obtained using other
+ means.
</para>
<para>Default: <command moreinfo="none">restrict anonymous = 0</command></para>