The Samba-Bugzilla – Bug 12775
Change default value of restrict anonymous = 2
Last modified: 2017-06-27 19:00:35 UTC
Currently the default value of restrict anonymous is 0 even on Samba AD DC. It allows a user to list the domain users from a client without authentication using the following command and it is detected as a security issue by network security tools:
rpcclient -U "" server_ip
It should be changed to restrict anonymous = 2, at when running in DC mode.