[Samba] prevent ldap bind for specific user
lists at merit.unu.edu
Tue Dec 3 16:08:51 UTC 2019
On 3-12-2019 16:58, Rowland penny via samba wrote:
> From your initial post, it sounded like you were trying to allow a user
> to only login during set hours, but had found that the user could still
> use LDAP. In this case, disabling the user with a script, is probably
> the only way to do what you require, you can run the script from cron.
Yes, the idea is: allow logins for some workstations, but prevent ldap
binds at all times.
What suddenly came to mind: we have configured our ldap-connected
services do a search for users under a certain OU. When I move the user
to a different OU, it is no longer found by ldap searches, and domain
logons still work, whilst taking into account the configured restrictions.
So, our problem solved :-)
More information about the samba