Hi ALL, I'm trying to implement a workstation logon restriction policy (where I say that a user only logon on my domain from a specific station) through Samba with Win 9X client machines, like Windows NT/2000 Servers. Is it possible ?!? I found on some lists diff files to implement Time logon restriction, where I say what time my user can logon on my network, but nothing about workstation time restriction. Thanks in advance, Marco _______________________________________________________________________ Busca Yahoo! O servi?o de busca mais completo da Internet. O que voc? pensar o Yahoo! encontra. http://br.busca.yahoo.com/
Marco A R Henriques schrieb:> Hi ALL, > > I'm trying to implement a workstation logon restriction policy (where I say > that a user only logon on my domain from a specific station) through Sambaif u want a user specific logon restriction, u can implement with samba. if u want a machine specific restriction (ip-adress) u can implement this with samba or iptables (firewall) if u want to restrict one user to one workstation, i can't tell u, if it's possible. - i only can imagine, that u do not use domain logon, and create only one user on this client. - so u can only login with this user from this workstation.> with Win 9X client machines, like Windows NT/2000 Servers. Is it possible > ?!? I found on some lists diff files to implement Time logon restriction, > where I say what time my user can logon on my network, but nothing about > workstation time restriction.this will be possible (ip-adress) over iptables(firewall) and cron.> > Thanks in advance, > > Marco > > _______________________________________________________________________ > Busca Yahoo! > O servi?o de busca mais completo da Internet. O que voc? pensar o Yahoo! encontra. > http://br.busca.yahoo.com/
Marco A R Henriques schrieb:> Hi Kurt, > > Thanks for your reply. My users should be logon on my network (samba > domain), but some them only logon through some specific workstation. Is itso u can realize this: e.g. network 192.168.10. user a,b,c have access from all places user c,d only from ip adresses .10 and .11 use this in your smb.conf [global] section: ==========================================netbios name = intern netbios alias = extern # than take an include: include = /usr/local/samba/lib/smb.conf.%L #<rest of the file> ========================================== use this in your smb.conf.intern file: (access only for a,b,c) ==========================================hosts allow = 192.168.10. EXCEPT 192.168.10.10 EXCEPT 192.168.10.11 invalid users = c,d ========================================== use this in your smb.conf.extern file: (login for all users) ==========================================hosts allow = 192.168.10.10 192.168.10.11 ========================================== now u can access over server "extern" with all users from .10 and .11 and u can access to "intern" with all workstations, but not users c,d !!*attention*!! if u use invalid users in a share section, so u overwrite the default. i hope, it helped, gk