On Sat, 2003-11-08 at 04:00, Hezekiel wrote:> hi, i'm using suse 7.3 with samba 2.2.8 as PDC and openldap for
> authentification in network with wfw-, winnt-, w2k-clients. everything
works
> fine.
> because not every client has the same configuration (same progs, same
> path's, hardware...), i got problems, if a user dosn't login from
his
> ordinary workstation, his roaming-profile doesn't work fine.
> now, how can i force users only login from special machines (only to
> machines which have the same installation).
>
> example: userA only login to ms-workstion1
> userB login to ms-ws1,ms-ws2
> userC login to ms-ws3,ms--ws4
> userD only login to ms-ws4
>
> i tried to configure a user restriction about PAM with
'pam_access.so' in
> /etc/pam.d/samba and its config file 'access.conf', but it
didn't work.
> but restrictions for login,ssh, ftp etc. via PAM and
'pam_access.so' works.
> maybe i have to set some values for the users in LDAP, but i don't know
> what. the answer is probable quit easy, but i've got no more ideas.
With Samba 3.0, the sambaUserWorkstations attribute contains a list of
workstation names, for exactly this purpose. Users can only log into
the workstations listed.
Andrew Bartlett
--
Andrew Bartlett abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet@samba.org
Student Network Administrator, Hawker College abartlet@hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20031109/88029c1d/attachment.bin