Project

General

Profile

Tâche #28169

Scénario #27913: SETH DC : Conserver le même mapping RID - UID/GID entre tous les DC

Protéger l'AD Seth contre rpclient

Added by Gilles Grandgérard 11 months ago. Updated 10 months ago.

Status:
Fermé
Priority:
Normal
Assigned To:
-
Start date:
04/29/2019
Due date:
% Done:

100%

Estimated time:
0.00 h
Remaining (hours):
0.0

Description

Ajouter 'restrict anonymous = 2' dans les msb.conf des DC


Related issues

Related to Distribution EOLE - Tâche #28670: Options à ajouter dans la configuration Samba du conteneur ADDC Fermé 06/20/2019
Related to Distribution EOLE - Tâche #29367: Correctif de sécurité samba (EOLE < 2.7.1) Fermé 07/03/2019

Associated revisions

Revision d1f8ed32 (diff)
Added by Gilles Grandgérard 11 months ago

Ajouter 'restrict anonymous = 2' dans les smb.conf

REF #28169

Revision ebea5bd3 (diff)
Added by Gilles Grandgérard 2 months ago

Ajouter 'restrict anonymous = 2' dans les smb.conf

REF #28169

Cherry-picked from eole-ad-dc:d1f8ed32

History

#1 Updated by Gilles Grandgérard 11 months ago

sans le parametre :

rpcclient -U "" -N -c enumdomusers 192.168.232.6
user:[Administrator] rid:[0x1f4]
user:[Guest] rid:[0x1f5]
user:[krbtgt] rid:[0x1f6]
user:[admin] rid:[0x44f]
user:[ggrandgerard] rid:[0x453]
user:[luc] rid:[0x454]
user:[gilles] rid:[0x455]
user:[barco] rid:[0x457]
user:[dns-dc1] rid:[0x459]
user:[dns-dc2] rid:[0x641]

ajout parametre 'restrict anonymous = 2'

smbcontrol all reload-config

rpcclient -U "" -N -c enumdomusers 192.168.232.6
Cannot connect to server. Error was NT_STATUS_ACCESS_DENIED
> OK

rpcclient -P -N -c enumdomusers 192.168.232.6
> OK avec le compte de machine

#2 Updated by Gilles Grandgérard 11 months ago

  • Status changed from Nouveau to Résolu

#3 Updated by Gilles Grandgérard 10 months ago

  • Status changed from Résolu to Fermé
  • Remaining (hours) set to 0.0

#4 Updated by Joël Cuissinat 10 months ago

  • % Done changed from 0 to 100
  • Estimated time set to 0.00 h

#5 Updated by Joël Cuissinat 10 months ago

  • Related to Tâche #28670: Options à ajouter dans la configuration Samba du conteneur ADDC added

#6 Updated by Joël Cuissinat 4 months ago

  • Related to Tâche #29367: Correctif de sécurité samba (EOLE < 2.7.1) added

Also available in: Atom PDF