Group membership and workstation logon permissions

Tim Gildersleeve t.gildersleeve at
Thu Mar 1 15:01:33 GMT 2001


 I hope this is the right place to raise this.  I have looked around for a
while and cant seem to find an answer elsewhere.

I have been using Samba for a number of years now - but mainly for my home
network.  I am implementing Samba where I work now.  We have a small network
of around 20 WinNT workstation clients, that until now have been served by a
WinNT Server PDC.  Unfortunatly this has proven somewhat "flakey" over the
last few months and we are planning to put a linux/samba based PDC in place
of it.

One problem is of NT policy files.  We can just copy the policy file over to
the netlogon share of the Samba, but this has several user, group and
default policies.  I cant seem to find out how to make a user below to a
particular group, so the correct policies will be implemented on the
clients.  The client machines are all student access machines used for
running cdrom databases as part of our college library.  We have set them up
with fairly tight security, so that they cant (at least easily) install and
run other programs.  We need to be able to put these users in groups.  IF we
cant there is another way around this problem but that is what we would like
to do.

Secondly, we restrict users to being able to login to a particular
workstation (they dont log in as themselves, but as a pass number).  We want
pass one to only be able to log onto workstation one for example.  Is this
at all posible?

If anyone out there can shed some light on this I would be grateful.  

PS:  I am quite prepared to go with 2.2alpha2 if that is what is needed.  I
already use this at home as a PDC for my Win2000 Pro clients.


Tim Gildersleeve
Home:   tim at
Work: t.gildersleeve at
Bradford College Library

More information about the samba-ntdom mailing list