[Samba] prevent ldap bind for specific user
Rowland penny
rpenny at samba.org
Tue Dec 3 15:58:24 UTC 2019
On 03/12/2019 15:45, lists via samba wrote:
> Hi Rowland,
>
> Thanks!
>
> On 3-12-2019 16:32, Rowland penny via samba wrote:
>> How about using the userAccountControl attribute ?
>>
>> Add 2 to it and the account becomes disabled and a disabled account
>> cannot authenticate to AD
>
> But the accounts still needs to be able to logon to certain (a
> specific list of) workstations...
>
> A disabled account account can not logon at all.
>
> MJ
>
From your initial post, it sounded like you were trying to allow a user
to only login during set hours, but had found that the user could still
use LDAP. In this case, disabling the user with a script, is probably
the only way to do what you require, you can run the script from cron.
Rowland
More information about the samba
mailing list