denying users logons
smarian at rdslink.ro
Tue Feb 19 17:14:05 GMT 2002
Hello, people. I have a little ( or big ) problem ... I got samba 2.2.3a ( latest release ) and I hoped that there will be some group management. Anyway, it's not a big problem, I made manually the groups on the workstations ( win2k ( without any service pack ), P IV 1.5 GHz ... it doesn't matter, anyway ) .Samba server is acting as a PDC. The task I have to accomplish is to deny logons of users from unauthorized workstations ... for example only s301 and a locally defined group of users ( the teachers, let's say ) may logon on the station301... how to do this ? Do I have to install win2k DC server in order to get this working ? ( i heard (and i'm sure ) it is able to allow logons only from specific stations ) ... should "--with-ldapsam" help me ? Anyway, I made something but I'm not sure it's very secure : went in the "local policies" and denied all locally logons except "s301" and "teachers". But nothing can stop them to switch credentials ( s301 to change to s302, there is no password for the users, they are used for public access , and have mandatory profiles, and it's very important to enforce that limitation ) .
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the samba-technical