Rodrigo Abrantes Antunes
2015-May-19 11:40 UTC
[Samba] Deny login for a specific user in a specific machine in a samba domain
PDC. I'm using samba 3, I need scripts to apply GPO? Citando Tim <lists at kiuni.de>:> PDC or ADDC? You could achieve this with a GPO. > > Regards > Tim > ? > Am 18. Mai 2015 18:20:28 MESZ, schrieb Rodrigo Abrantes Antunes > <rodrigoantunes at pelotas.ifsul.edu.br>: >> Hi, I have samba as a PDC and I need to deny login for a specific user >> in a specific machine. How can I achieve that?-- Rodrigo Abrantes Antunes Instituto Federal Sul-rio-grandense
Marc Muehlfeld
2015-May-19 12:43 UTC
[Samba] Deny login for a specific user in a specific machine in a samba domain
Hello Rodrigo, Am 19.05.2015 um 13:40 schrieb Rodrigo Abrantes Antunes:> PDC. I'm using samba 3, I need scripts to apply GPO?You need an AD DC, to use group policies. I'm pretty sure that you can't do that in an NT4 domain with poledit, too. A workaround may be to deny the logon for this user in the machines local security policy: https://technet.microsoft.com/en-us/library/dd277395.aspx Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment -> Deny logon locally Regards, Marc
Rodrigo Abrantes Antunes
2015-May-20 12:00 UTC
[Samba] Deny login for a specific user in a specific machine in a samba domain
Well, samba 3 can't act as AD DC, so I guess the only way I can achieve this remotely is setting this in registry using a login script. How can I set this in registry? There Isn't something that automates the creation of scripts that change policies by registry? Citando Marc Muehlfeld <mmuehlfeld at samba.org>:> Hello Rodrigo, > > Am 19.05.2015 um 13:40 schrieb Rodrigo Abrantes Antunes: >> PDC. I'm using samba 3, I need scripts to apply GPO? > > You need an AD DC, to use group policies. I'm pretty sure that you can't > do that in an NT4 domain with poledit, too. > > A workaround may be to deny the logon for this user in the machines > local security policy: > https://technet.microsoft.com/en-us/library/dd277395.aspx > Computer Configuration\Windows Settings\Security Settings\Local > Policies\User Rights Assignment -> Deny logon locally > > Regards, > Marc > -- > To unsubscribe from this list go to the following URL and read > theinstructions:? https://lists.samba.org/mailman/options/samba-- Rodrigo Abrantes Antunes Instituto Federal Sul-rio-grandense
Mike
2015-May-20 12:43 UTC
[Samba] Deny login for a specific user in a specific machine in a samba domain
GPO won't work for Samba 3.
An easier alternative:
Controlling Access to Shares
Often you will need to restrict the users who can access a specific share
for security reasons. This is very easy to do with Samba because it
contains a wealth of options for creating practically any security
configuration. Let's introduce a few configurations that you might want to
use in your own Samba setup.
We've seen what happens when you specify valid users. However, you are also
allowed to specify a list of invalid users?users who should never be
allowed access to Samba or its shares. This is done with the invalid users
option. For example:
[global]
invalid users = baduser,bademployee,overallbadperson
[homes]
browsable = yes
writable = yes
On Tue, May 19, 2015 at 7:40 AM, Rodrigo Abrantes Antunes <
rodrigoantunes at pelotas.ifsul.edu.br> wrote:
> PDC. I'm using samba 3, I need scripts to apply GPO?
>
> Citando Tim <lists at kiuni.de>:
>
>
> PDC or ADDC? You could achieve this with a GPO.
>>
>> Regards
>> Tim
>>
>> Am 18. Mai 2015 18:20:28 MESZ, schrieb Rodrigo Abrantes Antunes
>> <rodrigoantunes at pelotas.ifsul.edu.br>:
>>
>>> Hi, I have samba as a PDC and I need to deny login for a specific
user
>>> in a specific machine. How can I achieve that?
>>>
>> --
> Rodrigo Abrantes Antunes
> Instituto Federal Sul-rio-grandense
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>