[Samba] Restricting logins to certain clients
Jean-Jacques Moulis
jj at isy.liu.se
Wed Dec 14 08:33:42 GMT 2005
On Mon, 12 Dec 2005 18:50:55 +0100 Hans Musil <hans.musil at gmx.de> wrote:
HM> I run samba-3 as PDC for a small domain with 4 clients. User
HM> A should be allowed to login on all client machines, while
HM> logins for the privileged user B should be restricted to 2
HM> machines for security reasons. Any ideas how to manage
HM> that? Suggestions for further reading would be highly
HM> appreciated?
A simple solution is to make a logoff in a logon script e.g.
if "%USERNAME%"=="B" if "%computername%"=="MACHINEX" \\server\netlogon\logoff.exe
it's a easy to maintain but a determined user B could log in anyway!
A sturdier solution:
map an Unix group to a Windows group e.g. "Undesirables"
make B a member of "Undesirables"
set security to "deny all" for the group "Undesirables" in C: C:\Documents and Settings ....
on all machines where B is unwanted.
It's a bit difficult to stay on a machine where you can't read a damn thing :-)
--
Jean-Jacques Moulis Tel: (013) 281684
ISY Fax: (013) 139282
Linköping University E-mail: jj at isy.liu.se
581 83 Linköping
More information about the samba
mailing list