1 <samba:parameter name="restrict anonymous"
3 advanced="1" developer="1"
4 xmlns:samba="http://samba.org/common">
6 <para>The setting of this parameter determines whether user and
7 group list information is returned for an anonymous connection.
8 and mirrors the effects of the
9 <constant>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous</constant> registry key in Windows
10 2000 and Windows NT. When set to 0, user and group list
11 information is returned to anyone who asks. When set
12 to 1, only an authenticated user can retrive user and
13 group list information. For the value 2, supported by
14 Windows 2000/XP and Samba, no anonymous connections are allowed at
15 all. This can break third party and Microsoft
16 applications which expect to be allowed to perform
17 operations anonymously.
19 The security advantage of using restrict anonymous = 1 is dubious,
20 as user and group list information can be obtained using other
23 The security advantage of using restrict anonymous = 2 is removed
24 by setting <link linkend="GUESTOK"><parameter moreinfo="none">guest
25 ok</parameter></link> = yes</para> on any share.
29 <para>Default: <command moreinfo="none">restrict anonymous = 0</command></para>