Novell Home

My Favorites

Close

Please to see your favorites.

CIFS Shares Are Able To Be Enumerated By A NULL User

This document (7011886) is provided subject to the disclaimer at the end of this document.

Environment

Novell NetWare 6.5 Support Pack 8
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 3
Novell Open Enterprise Server 11 (OES 11) Linux Support Pack 2

Situation

By default, NULL users can enumerate CIFS shares under NetWare and OES.  This is true on Windows, NetWare, and OES (as the latter emulate the first).

Resolution

Disallowing NULL users from enumerating shares can cause various issues as some applications are dependent upon it in order to function correctly (or function at all).  Allowing NULL users to enumerate shares is done intentionally as clients and applications use the "NULL user" sessions to perform various tasks such as enumerating shares, getting lists of machines, and the "change password" feature on Windows NT and MAC clients.  More details can be found in the following Microsoft article:
 
This does not impose a security risk on NetWare or OES servers as all access to the NSS shares (the only shares available to CIFS on these particular operating systems) as all access and rights to the share are controlled via eDirectory.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7011886
  • Creation Date:05-MAR-13
  • Modified Date:05-MAR-13
    • NovellNetWare
      Open Enterprise Server

Did this document solve your problem? Provide Feedback