[Samba] Restricting logins to certain clients

Jean-Jacques Moulis jj at isy.liu.se
Wed Dec 14 08:33:42 GMT 2005

On Mon, 12 Dec 2005 18:50:55 +0100 Hans Musil <hans.musil at gmx.de> wrote:

HM> I run samba-3 as PDC for a small domain with 4 clients. User 
HM> A should be allowed to login on all client machines, while 
HM> logins for the privileged user B should be restricted to 2 
HM> machines for security reasons. Any ideas how to manage 
HM> that? Suggestions for further reading would be highly 
HM> appreciated?

A simple solution is to make a logoff in a logon script e.g.  
if "%USERNAME%"=="B" if "%computername%"=="MACHINEX" \\server\netlogon\logoff.exe

it's a easy to maintain but a determined user B could log in anyway!

A sturdier solution:

map an Unix group to a Windows group e.g. "Undesirables"
make B a member of "Undesirables"

set security to "deny all" for the group "Undesirables" in C: C:\Documents and Settings ....
on all machines where B is unwanted.

It's a bit difficult to stay on a machine where you can't read a damn thing :-)

Jean-Jacques   Moulis                              Tel:  (013) 281684
ISY                                                Fax:  (013) 139282
Linköping University                            E-mail: jj at isy.liu.se
581 83 Linköping

More information about the samba mailing list