From a75f1ba9d4b314f793bf7877f329dc420546c4b0 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 22 Nov 2002 02:40:21 +0000 Subject: Add support for 'restrict anonymous=2' and make the doco give a slight hint as to what it now does in 3.0. Needs more work, but better than documenting the old functionality :-). As the security benifits of this are nullified by a setting of 'guest ok' on any share, we might want to put some documentation there too. Andrew Bartlett (This used to be commit ab812ada56b740ac986de8e1f4ca36641ec61c01) --- docs/docbook/manpages/smb.conf.5.sgml | 30 ++++++------------------------ 1 file changed, 6 insertions(+), 24 deletions(-) (limited to 'docs/docbook') diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml index 8452e97329..6ed870ed3e 100644 --- a/docs/docbook/manpages/smb.conf.5.sgml +++ b/docs/docbook/manpages/smb.conf.5.sgml @@ -6544,30 +6544,12 @@ restrict anonymous (G) - This is a boolean parameter. If it is yes, then - anonymous access to the server will be restricted, namely in the - case where the server is expecting the client to send a username, - but it doesn't. Setting it to yes will force these anonymous - connections to be denied, and the client will be required to always - supply a username and password when connecting. Use of this parameter - is only recommended for homogeneous NT client environments. - - This parameter makes the use of macro expansions that rely - on the username (%U, %G, etc) consistent. NT 4.0 - likes to use anonymous connections when refreshing the share list, - and this is a way to work around that. - - When restrict anonymous is yes, all anonymous connections - are denied no matter what they are for. This can effect the ability - of a machine to access the Samba Primary Domain Controller to revalidate - its machine account after someone else has logged on the client - interactively. The NT client will display a message saying that - the machine's account in the domain doesn't exist or the password is - bad. The best way to deal with this is to reboot NT client machines - between interactive logons, using "Shutdown and Restart", rather - than "Close all programs and logon as a different user". - - Default: restrict anonymous = no + This is a integer parameter, and + mirrors as much as possible the functinality the + RestrictAnonymous + registry key does on NT/Win2k. + + Default: restrict anonymous = 0 -- cgit