[Samba] prevent ldap bind for specific user
Rowland penny
rpenny at samba.org
Tue Dec 3 15:32:18 UTC 2019
On 03/12/2019 15:05, lists via samba wrote:
> Hi,
>
> We are looking for ways to limit the logon options for a specific
> user. We have configured "logon hours" and "logon to".
>
> We noticed however that this dis not prevent the user from accessing
> ldap-authenticated services. (such as our intranet, etc)
>
> Is there a way to configure samba to disallow ldap binds completely
> for a specific user?
>
> Thanks for suggestions!
>
> MJ
>
How about using the userAccountControl attribute ?
Add 2 to it and the account becomes disabled and a disabled account
cannot authenticate to AD
Rowland
More information about the samba
mailing list