FC Mario Patty
2009-Mar-03 08:46 UTC
[Samba] How to allow only particular users to logon to a particular computer?
Guys, I have a pc (already joinned the samba domain 'DOMAIN') that I want to keep off other domain users but user DOMAIN\mark and DOMAIN\thomas whilst letting both of them to logon freely to other computers. I tried sambaUsersWorkstations but it only works with uid (Users not Computers) and it dictated which computer such a user may logon to. What I want is the opposite: which users may logon to the computer. Is this possible with our samba+openldap or should I create a logon script? Thank you. :) Regards,
FC Mario Patty
2009-Mar-03 10:44 UTC
[Samba] How to allow only particular users to logon to a particular computer?
Thank-you Wolfgang, I'll give it a shot. * You' re right. I saw some where in the web, someone mistakenly lock his local user (administrator). :( Regards, On Tue, Mar 3, 2009 at 5:37 PM, Wolfgang Ratzka <ratzka@hrz.uni-marburg.de>wrote:> I have a pc (already joinned the samba domain 'DOMAIN') that I want to keep >> off other domain users but user DOMAIN\mark and DOMAIN\thomas whilst >> letting >> both of them to logon freely to other computers. >> > > You might want to manipulate the SeInteractiveLogonRight and possibly > SeNetworkLogonRight on the PC itself. Have a look at > http://support.microsoft.com/kb/279664 > > Two hints: > - You might want to define a group and assign rights to the group > instead of single users. > - Avoid locking out yourself and the admins. > > Kind regards, > > -- > Wolfgang Ratzka Phone: +49 6421 2823531 FAX: +49 6421 2826994 > Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany >
Wolfgang Ratzka
2009-Mar-03 10:46 UTC
[Samba] How to allow only particular users to logon to a particular computer?
> I have a pc (already joinned the samba domain 'DOMAIN') that I want to keep > off other domain users but user DOMAIN\mark and DOMAIN\thomas whilst letting > both of them to logon freely to other computers.You might want to manipulate the SeInteractiveLogonRight and possibly SeNetworkLogonRight on the PC itself. Have a look at http://support.microsoft.com/kb/279664 Two hints: - You might want to define a group and assign rights to the group instead of single users. - Avoid locking out yourself and the admins. Kind regards, -- Wolfgang Ratzka Phone: +49 6421 2823531 FAX: +49 6421 2826994 Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany