[Samba] Host based access control?

Marc Muehlfeld mmuehlfeld at samba.org
Mon Dec 8 11:21:20 MST 2014


Am 08.12.2014 um 18:56 schrieb Min Wai Chan:
> If you are using windows as a client...
> Samba AD DC GPO do support client and host limitation with time limit.
> But I'm not too sure if that happen to any linux client...

I'm not sure, what you're meaning. Are you talking about the "logon to
machine" stuff in ADUC (don't know the attribute name atm)? But this
isn't GPO. It's AD internal.

GPOs are just registry values. There's nothing on a *nix machine that
knows what to do with it. As far as I know Lukes GPO enhancements for
DCs isn't part of any official release yet. And this would also just
handle GPOs, that are related to Samba. Because many of the GPO stuff
would be theoretically possible (e. g. "allow remote login for
user/group", "folder redirection"), but has to be handled by other
services than Samba (PAM, pam_mount, etc.).


More information about the samba mailing list