From 452d0ba9605451affeb69c519ddc5aa92ab884c8 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Pialasse <jpp@koozali.org>
Date: Thu, 14 Nov 2024 08:54:40 -0500
Subject: [PATCH] * Thu Nov 14 2024 Jean-Philippe Pialasse <jpp@koozali.org>
 11.0.0-8.sme - disable access to list of users without being logged in [SME:
 12765]

---
 root/etc/e-smith/templates/etc/smb.conf/11anonymous | 6 +++---
 smeserver-samba.spec                                | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/root/etc/e-smith/templates/etc/smb.conf/11anonymous b/root/etc/e-smith/templates/etc/smb.conf/11anonymous
index a3060a4..53b43c9 100644
--- a/root/etc/e-smith/templates/etc/smb.conf/11anonymous
+++ b/root/etc/e-smith/templates/etc/smb.conf/11anonymous
@@ -1,8 +1,8 @@
 {
 # 0 allows to retrieve the list of users without being logged on the domain 
-# 1 will disable anonymous SAMR access.
-# 2 will, in addition to restricting SAMR access, disallow anonymous connections to the IPC$ share in general.
+# 1 will disable anonymous SAMR access. (including user enumeration)
+# 2 will, in addition to restricting SAMR access, disallow anonymous connections to the IPC$ share in general. (preventing login to smb PDC)
 # The option also affects the browse option which is required by legacy clients which rely on Netbios browsing. 
 # While modern Windows version should be fine with restricting the access there could still be applications relying on anonymous access.
 }
-restrict anonymous = 2
+restrict anonymous = 1
diff --git a/smeserver-samba.spec b/smeserver-samba.spec
index de8e8e5..df51bd1 100644
--- a/smeserver-samba.spec
+++ b/smeserver-samba.spec
@@ -4,7 +4,7 @@ Summary: smeserver specific Samba configuration files and templates
 %define name smeserver-samba
 Name: %{name}
 %define version 11.0.0
-%define release 7
+%define release 8
 Version: %{version}
 Release: %{release}%{?dist}
 License: GPL
@@ -41,7 +41,7 @@ Requires: /usr/bin/tdbbackup
 AutoReqProv: no
 
 %changelog
-* Tue Nov 12 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-7.sme
+* Thu Nov 14 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-8.sme
 - disable access to list of users without being logged in [SME: 12765]
 
 * Tue Aug 13 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-6.sme