Configure access restrictions for anonymous users
By default, an anonymous, unauthenticated user (also known as the null user) can access certain information on the network. You can use a SMB server option to configure access restrictions for the anonymous user.
The -restrict-anonymous
SMB server option corresponds to the RestrictAnonymous
registry entry in Windows.
Anonymous users can list or enumerate certain types of system information from Windows hosts on the network, including user names and details, account policies, and share names. You can control access for the anonymous user by specifying one of three access restriction settings:
Value | Description |
---|---|
|
Specifies no access restrictions for anonymous users. |
|
Specifies that only enumeration is restricted for anonymous users. |
|
Specifies that access is restricted for anonymous users. |
-
Set the privilege level to advanced:
set -privilege advanced
-
Configure the restrict anonymous setting:
vserver cifs options modify -vserver vserver_name -restrict-anonymous {no-restriction|no-enumeration|no-access}
-
Verify that the option is set to the desired value:
vserver cifs options show -vserver vserver_name
-
Return to the admin privilege level:
set -privilege admin