From a9aea1449a3a311c8bf05e4c794c741910bc0459 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Thu, 1 May 2003 02:00:32 +0000 Subject: Apparently we do support RA=2. (This used to be commit e146682b9f0cd8c8f6be6cad4b05a86ca118e973) --- docs/docbook/smbdotconf/security/restrictanonymous.xml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'docs/docbook/smbdotconf/security') diff --git a/docs/docbook/smbdotconf/security/restrictanonymous.xml b/docs/docbook/smbdotconf/security/restrictanonymous.xml index 3bd19833de..803bc06b2b 100644 --- a/docs/docbook/smbdotconf/security/restrictanonymous.xml +++ b/docs/docbook/smbdotconf/security/restrictanonymous.xml @@ -10,8 +10,15 @@ 2000 and Windows NT. When set to 0, user and group list information is returned to anyone who asks. When set to 1, only an authenticated user can retrive user and - group list information. The value 2, supported by - Windows 2000 and higher, is not supported by Samba. + group list information. For the value 2, supported by + Windows 2000/XP and Samba, no anonymous connections are allowed at + all. This can break third party and Microsoft + applications which expect to be allowed to perform + operations anonymously. + + The security advantage of using restrict anonymous = 1 is dubious, + as user and group list information can be obtained using other + means. Default: restrict anonymous = 0 -- cgit