Re: [Samba] Restricting logins to certain clients
Thank you all for your help. I think I will try the logoff.exe approach. Of course, it is not a perfectly clean solution, but clean enough for my needs and much easier to handle than LDAP. Thanks Hans Musil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Restricting logins to certain clients
Jean-Jacques Moulis schrieb: On Mon, 12 Dec 2005 18:50:55 +0100 Hans Musil <[EMAIL PROTECTED]> wrote: HM> I run samba-3 as PDC for a small domain with 4 clients. User HM> A should be allowed to login on all client machines, while HM> logins for the privileged user B should be restricted to 2 HM> machines for security reasons. Any ideas how to manage HM> that? Suggestions for further reading would be highly HM> appreciated? if you use Samba with LDAP, it's easy to do so if you manage your users with LAM (LDAP Account Manager) - http://lam.sf.net -- Tomek http://wpkg.org WPKG - software management with Samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Restricting logins to certain clients
On Mon, 12 Dec 2005 18:50:55 +0100 Hans Musil <[EMAIL PROTECTED]> wrote: HM> I run samba-3 as PDC for a small domain with 4 clients. User HM> A should be allowed to login on all client machines, while HM> logins for the privileged user B should be restricted to 2 HM> machines for security reasons. Any ideas how to manage HM> that? Suggestions for further reading would be highly HM> appreciated? A simple solution is to make a logoff in a logon script e.g. if "%USERNAME%"=="B" if "%computername%"=="MACHINEX" \\server\netlogon\logoff.exe it's a easy to maintain but a determined user B could log in anyway! A sturdier solution: map an Unix group to a Windows group e.g. "Undesirables" make B a member of "Undesirables" set security to "deny all" for the group "Undesirables" in C: C:\Documents and Settings on all machines where B is unwanted. It's a bit difficult to stay on a machine where you can't read a damn thing :-) -- Jean-Jacques Moulis Tel: (013) 281684 ISYFax: (013) 139282 Linköping UniversityE-mail: [EMAIL PROTECTED] 581 83 Linköping -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba