On Mon, 12 Dec 2005 18:50:55 +0100 Hans Musil wrote:

HM> I run samba-3 as PDC for a small domain with 4 clients. User
HM> A should be allowed to login on all client machines, while
HM> logins for the privileged user B should be restricted to 2
HM> machines for security reasons. Any ideas how to manage
HM> that? Suggestions for further reading would be highly
HM> appreciated?

A simple solution is to make a logoff in a logon script e.g.
if "%USERNAME%"=="B" if "%computername%"=="MACHINEX" \\server\netlogon\logoff.exe

it's a easy to maintain but a determined user B could log in anyway!

A sturdier solution:

map an Unix group to a Windows group e.g. "Undesirables"
make B a member of "Undesirables"

set security to "deny all" for the group "Undesirables" in C: C:\Documents and Settings ....
on all machines where B is unwanted.

It's a bit difficult to stay on a machine where you can't read a damn thing :-)

Jean-Jacques Moulis Tel: (013) 281684
ISY Fax: (013) 139282
Linköping University E-mail: jj@isy.liu.se
581 83 Linköping
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba