[Samba] prevent ldap bind for specific user
L.P.H. van Belle
belle at bazuin.nl
Tue Dec 3 16:04:01 UTC 2019
Why not.
Create a group. Deny-PC-Logon
Create GPO goto : Policies > Window Settings > Security Settings > Local Policies > User Rights Assignment
Open the Deny log on locally policy add the group.
Something like that, you get the idea.. Can work it out atm, to buzzy.
But at least, MJ should know the idea now ;-)
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Rowland penny via samba
> Verzonden: dinsdag 3 december 2019 16:58
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] prevent ldap bind for specific user
>
> On 03/12/2019 15:45, lists via samba wrote:
> > Hi Rowland,
> >
> > Thanks!
> >
> > On 3-12-2019 16:32, Rowland penny via samba wrote:
> >> How about using the userAccountControl attribute ?
> >>
> >> Add 2 to it and the account becomes disabled and a
> disabled account
> >> cannot authenticate to AD
> >
> > But the accounts still needs to be able to logon to certain (a
> > specific list of) workstations...
> >
> > A disabled account account can not logon at all.
> >
> > MJ
> >
> From your initial post, it sounded like you were trying to
> allow a user
> to only login during set hours, but had found that the user
> could still
> use LDAP. In this case, disabling the user with a script, is probably
> the only way to do what you require, you can run the script from cron.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list