On Wednesday, November 27, 2002, at 19:55 PM, Jim Morris wrote:

> I must say that I know of no NT/2000 option to allow only login from
> one client PC, although I recall Netware having such an option.

Agreed again. (I think you meant something different from the facility John Terpstra referred to - on NT/2K you can specify which machines, perhaps only one, that a user account can use, but you can't specify "Maximum number of concurrent sessions"; on Netware you can do both.)

> Given the growing presence of Samba in the large enterprise, with more
> and more companies becoming security conscious as time goes forward, we
> are going to hit these type issues more and more.

Mmm. I've only *just* managed to demonstrate to the Powers-That-Be around here the full horror of an unswitched LAN with unencrypted passwords and a sniffer ... so _now_ changes are underway. Password encryption *with* failed login tallying *will* be part of security policy ..

> ... What is needed is an examination of the various
> security policies that can be set up in an NT/2000 Server environment,
> so that a list of such items that are appropriate to a Samba
> environment can be built.

I'd just like to add a vote for another item for this list - something which can be done on Netware, VMS, and on some Unixen, but not NT/2K (AFAIK) - allow a password expiry "grace" period to be configured if desired - a period of time after a password has expired, during which a user account can still log in but is forced straight into a password-change dialog. This allows for those occasions when (e.g.) someone is away for a whole month, during which their password expires.

> ... I would be glad to help in this effort in any way I can,
> including documentation and code.

Likewise, but only for documentation ..

Nick Boyce
EDS Southwest Solution Centre, Bristol, UK
