From a9aea1449a3a311c8bf05e4c794c741910bc0459 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Thu, 1 May 2003 02:00:32 +0000
Subject: Apparently we do support RA=2. (This used to be commit
 e146682b9f0cd8c8f6be6cad4b05a86ca118e973)

---
 docs/docbook/smbdotconf/security/restrictanonymous.xml | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/docs/docbook/smbdotconf/security/restrictanonymous.xml b/docs/docbook/smbdotconf/security/restrictanonymous.xml
index 3bd19833de..803bc06b2b 100644
--- a/docs/docbook/smbdotconf/security/restrictanonymous.xml
+++ b/docs/docbook/smbdotconf/security/restrictanonymous.xml
@@ -10,8 +10,15 @@
     2000 and Windows NT.  When set to 0, user and group list
     information is returned to anyone who asks.  When set
     to 1, only an authenticated user can retrive user and
-    group list information.  The value 2, supported by
-    Windows 2000 and higher, is not supported by Samba.
+    group list information.  For the value 2, supported by
+    Windows 2000/XP and Samba, no anonymous connections are allowed at
+    all.  This can break third party and Microsoft
+    applications which expect to be allowed to perform
+    operations anonymously.
+
+    The security advantage of using restrict anonymous = 1 is dubious,
+    as user and group list information can be obtained using other
+    means.
     </para>
 
     <para>Default: <command moreinfo="none">restrict anonymous = 0</command></para>
-- 
cgit