Hi everybody, I installed samba-2.2.3a on a Red Hat 7.2 and I succesfully joined the samba domain with some w2k clients. I need to remove a machine account from the domain in order to deny the access to the domain to a particular client. I tried removing the machine entry from the smbpasswd and the /etc/passwd but I continue logging on without any problem. What's wrong ?
To remove the account just confuses issues, what you want is to disable it with the following command : smbpasswd -d MACHINENAME$ This afaik should disable logons to the domain. At 10:29 AM 2/11/02 -0100, Fabrizio Celli wrote:>Hi everybody, >I installed samba-2.2.3a on a Red Hat 7.2 and I succesfully joined the >samba domain with some w2k clients. >I need to remove a machine account from the domain in order to deny the >access to the domain to a particular client. >I tried removing the machine entry from the smbpasswd and the /etc/passwd >but I continue logging on without any problem. >What's wrong ? > > > >-- >To unsubscribe from this list go to the following URL and read the >instructions: http://lists.samba.org/mailman/listinfo/samba=============Martyn Ranyard
Thank you David, you're right. After having disabled a machine with smbpasswd -d I can logon, browse the network etc. BUT ONLY WITH THE ACCOUNTS THAT LOGGED ON AT LEAST ONCE FROM THAT MACHINE. I mean that I created a new account and I didn't log on. The fact is that the first time you logon w2k create a local profile for that user and even if you're outside the network it's sufficient that the user have this local profile to logon. So if I want that the old users don't have to log on I have to delete all the local profiles on the machine. I don't like it but probably it's the only way. Bye> Hello, > > can you only logon on machine, or also browse network and so? W2K > machines allows cached logon (password is caches from previous > sessions) and dont warn > you about that. Same situation happen when you add notebook to domain > and take it away (i.e. home) You still can login under same account > even if you are > not connected to the network. I thing deleting user profiles on the > machine could help. > > David Kadlec > > ----- Original Message ----- > From: "Fabrizio Celli" <fabrizio.celli@istruzione.it> > To: <samba@lists.samba.org> > Sent: Monday, February 11, 2002 4:19 PM > Subject: Re: [Samba] REMOVING A MACHINE ACCOUNT > > >> Sorry if my question confused the issues. >> Anyway, I have a machine that joined my samba domain and now I want >> that nobody can continue to logon from that machine (It can happen >> sometimes) I tried to disable the machine with the command: >> smbpasswd -d MACHINENAME$d >> Result: >> I still log on >> So I tried to delete the machine from the smbpasswd and the passwd: >> smbpasswd -x MACHINENAME$ >> userdel MACHINENAME$ >> Result: >> I still log on >> Thanx for any suggestion >> >> > To remove the account just confuses issues, what you want is to >> > disable it with the following command : >> > >> >smbpasswd -d MACHINENAME$ >> > >> > This afaik should disable logons to the domain. >> > >> > At 10:29 AM 2/11/02 -0100, Fabrizio Celli wrote: >> >>Hi everybody, >> >>I installed samba-2.2.3a on a Red Hat 7.2 and I succesfully joined >> >>the samba domain with some w2k clients. >> >>I need to remove a machine account from the domain in order to deny >> >>the access to the domain to a particular client. >> >>I tried removing the machine entry from the smbpasswd and the >> >>/etc/passwd but I continue logging on without any problem. >> >>What's wrong ? >> >> >> >> >> >> >> >>-- >> >>To unsubscribe from this list go to the following URL and read the >> >>instructions: http://lists.samba.org/mailman/listinfo/samba >> > >> > =============>> > Martyn Ranyard >> >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: http://lists.samba.org/mailman/listinfo/samba
You might want to look at Win2K's Policy Editor, It may be one of the things you can change in there. Martyn At 04:19 PM 2/11/02 -0100, Fabrizio Celli wrote:>Thank you David, >you're right. >After having disabled a machine with smbpasswd -d I can logon, browse the >network etc. BUT ONLY WITH THE ACCOUNTS THAT LOGGED ON AT LEAST ONCE FROM >THAT MACHINE. >I mean that I created a new account and I didn't log on. >The fact is that the first time you logon w2k create a local profile for >that user and even if you're outside the network it's sufficient that the >user have this local profile to logon. >So if I want that the old users don't have to log on I have to delete all >the local profiles on the machine. >I don't like it but probably it's the only way. >Bye > > > Hello, > > > > can you only logon on machine, or also browse network and so? W2K > > machines allows cached logon (password is caches from previous > > sessions) and dont warn > > you about that. Same situation happen when you add notebook to domain > > and take it away (i.e. home) You still can login under same account > > even if you are > > not connected to the network. I thing deleting user profiles on the > > machine could help. > > > > David Kadlec > > > > ----- Original Message ----- > > From: "Fabrizio Celli" <fabrizio.celli@istruzione.it> > > To: <samba@lists.samba.org> > > Sent: Monday, February 11, 2002 4:19 PM > > Subject: Re: [Samba] REMOVING A MACHINE ACCOUNT > > > > > >> Sorry if my question confused the issues. > >> Anyway, I have a machine that joined my samba domain and now I want > >> that nobody can continue to logon from that machine (It can happen > >> sometimes) I tried to disable the machine with the command: > >> smbpasswd -d MACHINENAME$d > >> Result: > >> I still log on > >> So I tried to delete the machine from the smbpasswd and the passwd: > >> smbpasswd -x MACHINENAME$ > >> userdel MACHINENAME$ > >> Result: > >> I still log on > >> Thanx for any suggestion > >> > >> > To remove the account just confuses issues, what you want is to > >> > disable it with the following command : > >> > > >> >smbpasswd -d MACHINENAME$ > >> > > >> > This afaik should disable logons to the domain. > >> > > >> > At 10:29 AM 2/11/02 -0100, Fabrizio Celli wrote: > >> >>Hi everybody, > >> >>I installed samba-2.2.3a on a Red Hat 7.2 and I succesfully joined > >> >>the samba domain with some w2k clients. > >> >>I need to remove a machine account from the domain in order to deny > >> >>the access to the domain to a particular client. > >> >>I tried removing the machine entry from the smbpasswd and the > >> >>/etc/passwd but I continue logging on without any problem. > >> >>What's wrong ? > >> >> > >> >> > >> >> > >> >>-- > >> >>To unsubscribe from this list go to the following URL and read the > >> >>instructions: http://lists.samba.org/mailman/listinfo/samba > >> > > >> > =============> >> > Martyn Ranyard > >> > >> > >> > >> -- > >> To unsubscribe from this list go to the following URL and read the > >> instructions: http://lists.samba.org/mailman/listinfo/samba > > > >-- >To unsubscribe from this list go to the following URL and read the >instructions: http://lists.samba.org/mailman/listinfo/samba=============Martyn Ranyard