[Samba] Access to ldb with simpleSecurityObject

Quentin Gibeaux qgibeaux at iris-tech.fr
Fri Jul 4 06:50:59 MDT 2014

On 04/07/2014 13:04, Andrew Bartlett wrote:
> On Mon, 2014-06-30 at 12:05 +0200, Quentin Gibeaux wrote:
>> I'd like to use simpleSecurityObject (that aren't 'user') to manage
>> entries from cron, cgi and so on, without allowing this user to login on
>> windows clients, samba shares, etc. I'm afraid that won't be possible,
>> but i might be wrong.
> No, it's not possible in Samba.  A user is a user, as far as AD is
> concerned.
> Andrew Bartlett
Thanks for the answer.

So how can I limit rights for a specific user ? I've already denied the 
rights of this ldb-only user with gpo (can't connect on machine) and 
smb.conf (invalid -user = someone), but he might still access to some 
services : I'd prefer to express the allows rather than the denies . 
There's no right like «rw to ldb objects» that can be set somewhere (in 
AD or conf) ?

Quentin Gibeaux.

More information about the samba mailing list