[Samba] Deny a User from a specific Host
Steve Mc Gregor
stevemcgregor at gmail.com
Fri Dec 14 20:47:25 GMT 2007
You can set the "sambaUserWorkstations:" parameter in the ldap user leaf.
Can be done from the NT4 Doman User administration or using LDAP Account
On Dec 14, 2007 3:14 PM, Rubin Bennett <rbennett at thatitguy.com> wrote:
> On Fri, 2007-12-14 at 19:55 +0000, Net Warrior wrote:
> > Good, but, how do I tell, this user can log in in this windows machine
> > not in this other? I need a way to check
> > both, the user who's loggin agains my pdc in and the IP from the machine
> > he's trying to log to the domain. Isn't deny-host a more global way to
> > this host can access my machine?
> To do what you're after, I think you could do it with a carefully
> subnetted LAN (i.e. each department has a distinct LAN segment, not
> necessarily an actual subnet but a block of IPs that are predictably
> assigned via dhcp pools).
> Then using dynamically generated login scripts, you could cross
> reference the users' group membership with the IP pool that they're
> logging in from, and attempt to write in some nastiness that disables
> users from one group logging into the IP space of another group.
> This is actually an interesting idea in a way although if your directory
> ACLs and permissions are set up correctly and you're using the Samba
> server for storing everything, why worry if user "A" from accounting
> logs into user "B"'s pc in marketing? They won't be able to access
> anything they couldn't from their own computer, right?
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
Steve Mc Gregor
email: stevemcgregor at gmail.com
More information about the samba