Hello, is there any wat to limit users log on to some special machines? I mean not all users can log on in to a machine.
> Hello, is there any wat to limit users log on to some special machines? I > mean not all users can log on in to a machine. >It can be done with LDAP as passdb backend.
I have a LDAP server as passdb backend but how it is possible? what should I do? 2009/1/25 Miguel Medalha <miguelmedalha@sapo.pt>> > Hello, is there any wat to limit users log on to some special machines? I >> mean not all users can log on in to a machine. >> >> > > It can be done with LDAP as passdb backend. >
> I have a question of a similar nature that I am going to post in a > separate message in this forum, but what I would like to know is > this: Is there a comprehensive list of ALL of the attributes of a > sambaSamAccount somewhere? I would like to know all of the various > things that you could control on a per user or per workstation basis > using Samba and LDAP. > > LDAP Admin: > > http://ldapadmin.sourceforge.net/ > > You can also manage your directory with a browser using the > following (among many): > > phpLDAPadmin > http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page > > LDAP Account Manager > http://lam.sourceforge.net/ > >Every one of the above LDAP directory management programs will show you the available object classes and their attributes. See "Schema Browser" under the first two or "Schema" under the third one. You can also manually open the samba3.schema under "/etc/openldap/schema" and read them from there. Nevertheless, here it goes: The samba3.schema contains the following object classes: sambaConfig sambaConfigOption sambaDomain sambaGroupMapping sambaIdmapEntry sambaSamAccount sambaShare sambaSidEntry sambaTrustedDomainPassword sambaTrustPassword sambaUnixIdPool The attributes pertaining to the objectClass "sambaSamAccount" are the following: *sambaSID *uid,userid (inherited from core.schema) cn,commonName (inherited from core.schema) description (inherited from core.schema) displayName (inherited from inetorgperson.schema) sambaAcctFlags sambaBadPasswordCount sambaBadPasswordTime sambaDomainName sambaHomeDrive sambaHomePath sambaKickoffTime sambaLMPassword sambaLogoffTime sambaLogonHours sambaLogonScript sambaLogonTime sambaMungedDial sambaNTPassword sambaPasswordHistory sambaPrimaryGroupSID sambaProfilePath sambaPwdCanChange sambaPwdLastSet sambaPwdMustChange sambaUserWorkstations * The attributes marked with * are required attributes which MUST be present. The others are optional and MAY be present.
Miguel, Awesome answer. Just what I needed to get me started. I really appreciate your time! Troy On Wed, Jan 28, 2009 at 5:46 PM, Miguel Medalha <miguelmedalha@sapo.pt>wrote:> > I have a question of a similar nature that I am going to post in a >> separate message in this forum, but what I would like to know is this: Is >> there a comprehensive list of ALL of the attributes of a sambaSamAccount >> somewhere? I would like to know all of the various things that you could >> control on a per user or per workstation basis using Samba and LDAP. >> >> LDAP Admin: >> >> http://ldapadmin.sourceforge.net/ >> >> You can also manage your directory with a browser using the >> following (among many): >> >> phpLDAPadmin >> http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page >> >> LDAP Account Manager >> http://lam.sourceforge.net/ >> >> >> > Every one of the above LDAP directory management programs will show you the > available object classes and their attributes. See "Schema Browser" under > the first two or "Schema" under the third one. You can also manually open > the samba3.schema under "/etc/openldap/schema" and read them from there. > > Nevertheless, here it goes: > > The samba3.schema contains the following object classes: > > sambaConfig > sambaConfigOption > sambaDomain > sambaGroupMapping > sambaIdmapEntry > sambaSamAccount > sambaShare > sambaSidEntry > sambaTrustedDomainPassword > sambaTrustPassword > sambaUnixIdPool > > The attributes pertaining to the objectClass "sambaSamAccount" are the > following: > > *sambaSID > *uid,userid (inherited from core.schema) > cn,commonName (inherited from core.schema) > description (inherited from core.schema) > displayName (inherited from inetorgperson.schema) > sambaAcctFlags > sambaBadPasswordCount > sambaBadPasswordTime > sambaDomainName > sambaHomeDrive sambaHomePath > sambaKickoffTime > sambaLMPassword > sambaLogoffTime > sambaLogonHours > sambaLogonScript > sambaLogonTime > sambaMungedDial > sambaNTPassword > sambaPasswordHistory > sambaPrimaryGroupSID > sambaProfilePath > sambaPwdCanChange > sambaPwdLastSet > sambaPwdMustChange > sambaUserWorkstations > > * The attributes marked with * are required attributes which MUST be > present. The others are optional and MAY be present. > >