[Samba] prevent ldap bind for specific user

lists lists at merit.unu.edu
Tue Dec 3 16:08:51 UTC 2019

On 3-12-2019 16:58, Rowland penny via samba wrote:
>  From your initial post, it sounded like you were trying to allow a user 
> to only login during set hours, but had found that the user could still 
> use LDAP. In this case, disabling the user with a script, is probably 
> the only way to do what you require, you can run the script from cron.

Yes, the idea is: allow logins for some workstations, but prevent ldap 
binds at all times.

What suddenly came to mind: we have configured our ldap-connected 
services do a search for users under a certain OU. When I move the user 
to a different OU, it is no longer found by ldap searches, and domain 
logons still work, whilst taking into account the configured restrictions.

So, our problem solved :-)


More information about the samba mailing list