On Mon, 12 Dec 2005 18:50:55 +0100 Hans Musil <[EMAIL PROTECTED]> wrote:
HM> I run samba-3 as PDC for a small domain with 4 clients. User HM> A should be allowed to login on all client machines, while HM> logins for the privileged user B should be restricted to 2 HM> machines for security reasons. Any ideas how to manage HM> that? Suggestions for further reading would be highly HM> appreciated? A simple solution is to make a logoff in a logon script e.g. if "%USERNAME%"=="B" if "%computername%"=="MACHINEX" \\server\netlogon\logoff.exe it's a easy to maintain but a determined user B could log in anyway! A sturdier solution: map an Unix group to a Windows group e.g. "Undesirables" make B a member of "Undesirables" set security to "deny all" for the group "Undesirables" in C: C:\Documents and Settings .... on all machines where B is unwanted. It's a bit difficult to stay on a machine where you can't read a damn thing :-) -- Jean-Jacques Moulis Tel: (013) 281684 ISY Fax: (013) 139282 Linköping University E-mail: [EMAIL PROTECTED] 581 83 Linköping -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba