[Samba] prevent ldap bind for specific user

Rowland penny rpenny at samba.org
Tue Dec 3 15:58:24 UTC 2019

On 03/12/2019 15:45, lists via samba wrote:
> Hi Rowland,
> Thanks!
> On 3-12-2019 16:32, Rowland penny via samba wrote:
>> How about using the userAccountControl attribute ?
>> Add 2 to it and the account becomes disabled and a disabled account 
>> cannot authenticate to AD
> But the accounts still needs to be able to logon to certain (a 
> specific list of) workstations...
> A disabled account account can not logon at all.
> MJ
 From your initial post, it sounded like you were trying to allow a user 
to only login during set hours, but had found that the user could still 
use LDAP. In this case, disabling the user with a script, is probably 
the only way to do what you require, you can run the script from cron.


More information about the samba mailing list