How to restrict anonymous connections to a Samba server from enumerating domain user information?
Issue
- Anonymous rpcclient connections to RHEL Samba servers are able to enumerate the domain users using enumdomusers.
- After connecting to the Samba server as an anonymous user:

      root@rhel:~# rpcclient -U "" xx.xx.xx.xx
      Enter 's password:

- Users are able to list the domain user information with the enumdomusers command, as shown below:

      rpcclient $> enumdomusers
      user:[nobody] rid:[0x1f5]
      user:[gh0s7] rid:[0x3e8]

- How can anonymous users be restricted from listing this information?
Environment
- Red Hat Enterprise Linux 5
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7