Merge branch 'master' of ssh://git.koozali.org:2222/smeserver/smeserver-samba

- disable access to list of users without being logged in [SME: 12765]

.gitignore

@@ -2,3 +2,4 @@
 *.log
 *spec-20*
 *.tar.xz
+*.bak

README.md

@@ -6,7 +6,14 @@ SMEServer Koozali developed git repo for smeserver-samba smeserver
 <br />https://wiki.koozali.org/
 
 ## Bugzilla
-Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=smeserver-samba&product=SME%20Server%2010.X&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)\
+Show list of outstanding bugs:
+[All](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=UNCONFIRMED&bug_status=CONFIRMED&bug_status=NEEDINFO&bug_status=IN_PROGRESS&bug_status=RESOLVED&bug_status=VERIFIED&cf_package=smeserver-samba&classification=SME+Server&list_id=105756&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Confirmed](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=CONFIRMED&cf_package=smeserver-samba&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Unconfirmed](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=UNCONFIRMED&cf_package=smeserver-samba&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Need info](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=NEEDINFO&cf_package=smeserver-samba&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[In progress](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=IN_PROGRESS&cf_package=smeserver-samba&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Resolved](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=RESOLVED&cf_package=smeserver-samba&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Verified](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=VERIFIED&cf_package=smeserver-samba&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)
 And a list of outstanding Legacy bugs: (e-smith-samba) [here](https://bugs.koozali.org/buglist.cgi?component=e-smith-samba&product=SME%20Server%2010.X&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)
 
 ## Description

root/etc/e-smith/templates/etc/smb.conf/11anonymous

@@ -0,0 +1,8 @@
+{
+# 0 allows to retrieve the list of users without being logged on the domain 
+# 1 will disable anonymous SAMR access. (including user enumeration)
+# 2 will, in addition to restricting SAMR access, disallow anonymous connections to the IPC$ share in general. (preventing login to smb PDC)
+# The option also affects the browse option which is required by legacy clients which rely on Netbios browsing. 
+# While modern Windows version should be fine with restricting the access there could still be applications relying on anonymous access.
+}
+restrict anonymous = 1

smeserver-samba.spec

@@ -4,7 +4,7 @@ Summary: smeserver specific Samba configuration files and templates
 %define name smeserver-samba
 Name: %{name}
 %define version 11.0.0
-%define release 6
+%define release 8
 Version: %{version}
 Release: %{release}%{?dist}
 License: GPL
@@ -41,6 +41,9 @@ Requires: /usr/bin/tdbbackup
 AutoReqProv: no
 
 %changelog
+* Thu Nov 14 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-8.sme
+- disable access to list of users without being logged in [SME: 12765]
+
 * Tue Aug 13 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-6.sme
 - use esmith::util::ldap for machines LDAP account [SME: 12687]