Restricting Network logon by IP and User? - SMB

This is a discussion on Restricting Network logon by IP and User? - SMB ; Hoping for a little advice here, it's been a while since I've played with Samba as a PDC and am now a bit rusty. I've currently got Samba 3 setup as a PDC for some win98 clients and would like ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Restricting Network logon by IP and User?

  1. Restricting Network logon by IP and User?

    Hoping for a little advice here, it's been a while since I've played with
    Samba as a PDC and am now a bit rusty.

    I've currently got Samba 3 setup as a PDC for some win98 clients and would
    like to prevent certain users from accessing certain PC's.

    Current setup is

    192.168.0.1 Gateway
    192.168.0.2 Samba Server and LTSP Server
    192.168.0.3 Win98 Workstation (user fred)
    192.168.0.4 Win98 Workstation (user mary)
    192.168.0.5 Win98 Workstation (user george)

    Roaming profiles is not enabled but I have forced network logon from the
    workstations so that Internet access can be turned on or off by stop/start
    smb.

    What I would like to do is let Fred use Mary's PC but not George's.

    Can anybody enlighten me on how to do this?

  2. Re: Restricting Network logon by IP and User?

    On Sat, 24 Jan 2004 22:31:12 +0000, nope wrote:

    > Hoping for a little advice here, it's been a while since I've played with
    > Samba as a PDC and am now a bit rusty.
    >
    > I've currently got Samba 3 setup as a PDC for some win98 clients and would
    > like to prevent certain users from accessing certain PC's.
    >
    > Current setup is
    >
    > 192.168.0.1 Gateway
    > 192.168.0.2 Samba Server and LTSP Server
    > 192.168.0.3 Win98 Workstation (user fred)
    > 192.168.0.4 Win98 Workstation (user mary)
    > 192.168.0.5 Win98 Workstation (user george)
    >
    > Roaming profiles is not enabled but I have forced network logon from the
    > workstations so that Internet access can be turned on or off by stop/start
    > smb.
    >
    > What I would like to do is let Fred use Mary's PC but not George's.
    >
    > Can anybody enlighten me on how to do this?


    Correction samba version is 2.2.7a-8.9.0

  3. Re: Restricting Network logon by IP and User?

    nope writes:

    I have some Samba patches that allow for a domain login script that
    runs on the Unix PDC - see
    http://www.utsc.utoronto.ca/~harper/samba/domain.html

    If the logon script checks a DB that associates who can logon where,
    it can exit with a non-zero status and you can get the workstation to pop
    up a message box. These are the codes I found most useful:

    # see include/nt.err in the Samba source dir for possible exit codes
    # most useful are:
    #define NT_STATUS_LOGON_FAILURE NT_STATUS(0xC0000000 | 0x006d)
    # (109) - standard failure message, same as if password typed incorrectly
    #define NT_STATUS_ACCOUNT_RESTRICTION NT_STATUS(0xC0000000 | 0x006e)
    # (110) "unable to log you on because of an account restriction"
    #define NT_STATUS_INVALID_LOGON_HOURS NT_STATUS(0xC0000000 | 0x006f)
    # (111) "..invalid hours. Try again later."
    #define NT_STATUS_INVALID_WORKSTATION NT_STATUS(0xC0000000 | 0x0070)
    # (112) "Try another workstation" most useful of all
    #define NT_STATUS_PASSWORD_EXPIRED NT_STATUS(0xC0000000 | 0x0071)
    # (113) " must change password" - gets a pw change box!
    #define NT_STATUS_ACCOUNT_DISABLED NT_STATUS(0xC0000000 | 0x0072)
    # (114) " account disabled. Please see your admin"

    Hope this helps.

    John Harper
    ------------------------------------
    Academic Computing Coordinator
    Computing and Networking Services
    University of Toronto at Scarborough
    harper@utsc.utoronto.ca


    > On Sat, 24 Jan 2004 22:31:12 +0000, nope wrote:
    >
    > > Hoping for a little advice here, it's been a while since I've played with
    > > Samba as a PDC and am now a bit rusty.
    > >
    > > I've currently got Samba 3 setup as a PDC for some win98 clients and would
    > > like to prevent certain users from accessing certain PC's.
    > >
    > > Current setup is
    > >
    > > 192.168.0.1 Gateway
    > > 192.168.0.2 Samba Server and LTSP Server
    > > 192.168.0.3 Win98 Workstation (user fred)
    > > 192.168.0.4 Win98 Workstation (user mary)
    > > 192.168.0.5 Win98 Workstation (user george)
    > >
    > > Roaming profiles is not enabled but I have forced network logon from the
    > > workstations so that Internet access can be turned on or off by stop/start
    > > smb.
    > >
    > > What I would like to do is let Fred use Mary's PC but not George's.
    > >
    > > Can anybody enlighten me on how to do this?

    >
    > Correction samba version is 2.2.7a-8.9.0


+ Reply to Thread