[Samba] Authorizing login per station

Andrew Bartlett abartlet at pcug.org.au
Sat May 11 01:26:02 GMT 2002

Mario Juric wrote:
> Hi,
>         We're using Samba 2.2.2 as a PDC for W2k and XP clients. We have
> two types of users - "regular" users and "management". The problem I have
> is to allow only the "management" users to login from certain stations,
> and deny the login rights to regular users. That is, I need the ability do
> set per-station login permissions.
>         Is there a way to do this using samba 2.2.x branch, or is it
> planned for 3.x? If there's a way to do this with 2.2.x, I'd appreciate
> any pointer to docs or other info on doing it.

Implemented in Samba 3.0 - use either the ldap or tdb backends, and set
via user mangager or a manual ldap modification.  The attribute (a comma
seperated list) is userWorkstations in LDAP.

Otherwise, look at what PAM modules you can find, and limit based on
RHOST value (a paramater we pass to PAM, which is either the IP or
reverse DNS).

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba mailing list