Hi, We are looking for ways to limit the logon options for a specific user. We have configured "logon hours" and "logon to". We noticed however that this dis not prevent the user from accessing ldap-authenticated services. (such as our intranet, etc) Is there a way to configure samba to disallow ldap binds completely for a specific user? Thanks for suggestions! MJ
On 03/12/2019 15:05, lists via samba wrote:> Hi, > > We are looking for ways to limit the logon options for a specific > user. We have configured "logon hours" and "logon to". > > We noticed however that this dis not prevent the user from accessing > ldap-authenticated services. (such as our intranet, etc) > > Is there a way to configure samba to disallow ldap binds completely > for a specific user? > > Thanks for suggestions! > > MJ >How about using the userAccountControl attribute ? Add 2 to it and the account becomes disabled and a disabled account cannot authenticate to AD Rowland
Hi Rowland, Thanks! On 3-12-2019 16:32, Rowland penny via samba wrote:> How about using the userAccountControl attribute ? > > Add 2 to it and the account becomes disabled and a disabled account > cannot authenticate to ADBut the accounts still needs to be able to logon to certain (a specific list of) workstations... A disabled account account can not logon at all. MJ