You can set the "sambaUserWorkstations:" parameter in the ldap user leaf. Can be done from the NT4 Doman User administration or using LDAP Account Manager.
On Dec 14, 2007 3:14 PM, Rubin Bennett <[EMAIL PROTECTED]> wrote: > On Fri, 2007-12-14 at 19:55 +0000, Net Warrior wrote: > > Good, but, how do I tell, this user can log in in this windows machine > and > > not in this other? I need a way to check > > both, the user who's loggin agains my pdc in and the IP from the machine > > he's trying to log to the domain. Isn't deny-host a more global way to > tell, > > this host can access my machine? > > > Yes. > > To do what you're after, I think you could do it with a carefully > subnetted LAN (i.e. each department has a distinct LAN segment, not > necessarily an actual subnet but a block of IPs that are predictably > assigned via dhcp pools). > > Then using dynamically generated login scripts, you could cross > reference the users' group membership with the IP pool that they're > logging in from, and attempt to write in some nastiness that disables > users from one group logging into the IP space of another group. > > This is actually an interesting idea in a way although if your directory > ACLs and permissions are set up correctly and you're using the Samba > server for storing everything, why worry if user "A" from accounting > logs into user "B"'s pc in marketing? They won't be able to access > anything they couldn't from their own computer, right? > > Rubin > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- Steve Mc Gregor weblog: http://blog.smcgregor.info/ email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
