[Samba] prevent ldap bind for specific user

Rowland penny rpenny at samba.org
Tue Dec 3 15:32:18 UTC 2019

On 03/12/2019 15:05, lists via samba wrote:
> Hi,
> We are looking for ways to limit the logon options for a specific 
> user. We have configured "logon hours" and "logon to".
> We noticed however that this dis not prevent the user from accessing 
> ldap-authenticated services. (such as our intranet, etc)
> Is there a way to configure samba to disallow ldap binds completely 
> for a specific user?
> Thanks for suggestions!
> MJ
How about using the userAccountControl attribute ?

Add 2 to it and the account becomes disabled and a disabled account 
cannot authenticate to AD


More information about the samba mailing list