[Samba] Winbind and GPO access restrictions?
Patrick Goetz
pgoetz at math.utexas.edu
Fri Oct 1 16:02:01 UTC 2021
While most of my campus Samba projects are still going to need to play
nice with at least sssd id mapping, I do have one project which, based
on discussions on this list, I was planning to configure strictly with
winbind, since the AD DC is going to be Samba and it's the rare luxury
where I get to control everything.
However, a couple of days ago I had an anxiety-inducing thought. This
is a mixed windows/linux environment, and one of the features the end
users would like and which I've already promised them is that the linux
machines would have different access restrictions from the Windows
desktops. The way I've been doing this with sssd is creating a GPO
applied to the host (or set of hosts) which restricts access to a
particular security group.
Reading through this page: https://wiki.samba.org/index.php/Group_Policy
it's not clear this would also be possible with winbind. Would such a
thing fall under the category of "smb.conf Policies"? It doesn't seem
like it, since smb.conf access restrictions are most aimed at share control.
Thanks.
More information about the samba
mailing list