domain logon restriction

Andrew Bartlett abartlet at
Mon May 14 08:02:29 GMT 2001

Dmitry Melekhov wrote:
> Turan Demirci wrote:
> > Hi I want to build a student pclab using samba and nt.
> > currently we are using netware 4.0. We can restrict students to
> > login from one pc at a time, by netware. I want to do the same by
> > samba. I search net but could not find any way to do it.
> > Is there a way to restrict domain logon number to a user?
> > If yes can you show me the way?
> > Thanks......
> Never thought about this before...
> But I think only way is to disable/enable account in smbpasswd by cron.

Use a pam session module, and the new pam session support in Samba 2.2.1
(obey pam restrictions = yes must be set).  There is a maximum logon
module already, so either hack that, or write somthing similar.  The
ttyname can be used as a key in the db, as we supply that when we
start/end the sessions.

Note that this is not used for domain logons, but for the file-share
connections, so presumes that your users get somthing critical like
their home directrory from the server.  

Andrew Bartlett
abartlet at

Andrew Bartlett
abartlet at

More information about the samba-technical mailing list