[Samba] sambaUserWorkstations (with LDAP) not working with Groups of Computers ?

Frédéric Nass Frederic.nass at univ-metz.fr
Thu Nov 8 07:20:33 GMT 2007


I'm trying to use the sambaUserWorkstations option to allow users to log 
on certain computers only. This option looks great... In fact it looks 
now a lot better than the 'ldap filter' one than was deprecated with 
samba 3.0.20...

The fact is, if the sambaUserWorkstations option works well with machine 
names, it doesn't seem to work when specifying groups of machines. I'm 
using LDAP as a backend + samba 3.0.24 (debian 4).

For example, I configured the "sambaUserWorkstations" attibute of my 
user "test" with the followings arguments : "sambaUserWorkstations: 

This should work for PC1,PC2 (as 'salle1' machine group has PC1$ and 
PC2$ for members) but not for PC3, right ? But the user is actually only 
allowed to log in PC1, but bounced on PC2. This seemed to be working 
easy with files as samba backend.

Is this the right syntax for computer groups with ldap ? I tried using a 
"@" instead of a "+" but it didn't help ?

I use LATEST Debian 4 (samba 3.0.24) UP-TO-DATED.

Please find all debug and configuration infos here : 

Thank you for any help you might provide us,

Frédéric Nass
IUT de Metz - Université de Metz.

Tél : +33387547736

More information about the samba mailing list