Samba and Openldap with the attribute "userWorkstation"

Ignacio Coupeau icoupeau at
Thu Aug 22 23:29:15 GMT 2002

georges.goebel at wrote:
> Hi,
> We have installed Samba (2.2.5) as PDC and Openldap (2.0.25) for password 
> authentification. But we want that several users can only login on their own 
> machine in the domain and NOT on any other computer in the domain. Therefore we 
> tried to use the attribute 'userworkstation', which is defined in the 
> samba.schema, where you can specify a list of machine accounts where the user 
> can login. But we found several sources who said that it is not 
> yet 'implemented' or 'supported'.

We have a very similar scenario here (2.2.5 and OpenLdap 2.0.25) and 
every user can log in any WS in the domain with the roaming profiles, 
without care about attribute 'userworkstation'.

If an user can log only in their machine may be due to several problems, 
also with the roaming profiles.

What kind of WS do you have OS/SP?
A debuglevel to 2 may tell you a lot of things...

also this may help:


Ignacio Coupeau, Ph.D.     e-mail: icoupeau at
CTI, Director              fax:    948 425619
University of Navarra      voice:  948 425600
Pamplona, SPAIN  

More information about the samba-technical mailing list