1
<samba:parameter name="restrict anonymous"
4
advanced="1" developer="1"
5
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
7
<para>The setting of this parameter determines whether user and
8
group list information is returned for an anonymous connection.
9
and mirrors the effects of the
11
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
12
Control\LSA\RestrictAnonymous
14
registry key in Windows 2000 and Windows NT. When set to 0, user
15
and group list information is returned to anyone who asks. When set
16
to 1, only an authenticated user can retrive user and
17
group list information. For the value 2, supported by
18
Windows 2000/XP and Samba, no anonymous connections are allowed at
19
all. This can break third party and Microsoft
20
applications which expect to be allowed to perform
21
operations anonymously.</para>
24
The security advantage of using restrict anonymous = 1 is dubious,
25
as user and group list information can be obtained using other
31
The security advantage of using restrict anonymous = 2 is removed
32
by setting <smbconfoption name="guest ok">yes</smbconfoption> on any share.
37
<value type="default">0</value>