On 04/12/2006, at 9:56 PM, Toni Casueps wrote:
I have a Samba server with Windows XP clients, and roaming profiles
for every user. At this moment everyone can log onto any
workstation, but it shouldn't be like that: there are some
workstations where anyone can log into, but three of them should be
restricted to some specific users. I thought about making local
users for them, but we need all users to have roaming profiles, I
can't make local users expect for the Administrator account.
Can this be done with Samba?
OK, it sounds like your samba server is a PDC, so I'll assume it is.
This solution won't work if it's not (I don't think).
If I understand you correctly, you want these specific users to be
able to log into any machine on the network (including the 3
restricted ones), right? And you want everybody else to be able to
log into all the machines except the 3 restricted ones? I'd probably
do this by making a group which the specific users are all a member
of (and nobody else), then go into the local security policies of the
restricted workstations (Control Panel -> Administratrative Tools ->
Local Security Policy), and modifyf the entries "Log on Locally" and
"Deny logon locally" to suit (which will involve putting your new
group into the "log on locally" policy, and removing "users" from it,
and probably a few others as well).
Note: I haven't tested this method, it's just the way I'd try going
about it if I was in your shoes. You can probably even set hte local
security policies through System Policy if you use that - but you'll
likely have to custom write your own policy template.
--
Matt Skerritt
[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
