[Samba] Samba 4 Restrict User Create

Marc Muehlfeld mmuehlfeld at samba.org
Sat Nov 15 06:57:20 MST 2014

Hello Greg,

Am 14.11.2014 um 21:11 schrieb Greg Zartman:
>>> What if I want to restrict user creation to only the server where samba
>> is running?
>> This isn't very specific. Can you give a concrete example, please?
> I would like to restrict create user to only the Samba AD DC machine.

Active Directory is a multi direction replicating database. All changes
done on one DC in the AD, are replicated to all other DCs. So why you
want to limit?

> One option is to block the port of RSAT so that it can't talk to Samba, but
> it would be better if we could restrict such access within Samba itself.

RSAT uses LDAP (389/tcp) to talk to the DCs. If you block that port,
then your complete AD would not work (domain logons, replication etc.)

I still don't understand, what the goal is, you want to reach with your


More information about the samba mailing list