The requirement is that we have "winbind sealed pipes = false" and "require strong key = false" before we make anonymous connections. These are a security risk as we cannot prevent MITM attacks.
Andrew Bartlett
e2cd325 winbindd: Do not make anonymous connections by default
source3/winbindd/winbindd_cm.c | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
Upstream: gitweb.samba.org