Open AD Users and Computers, right click on the user, go to accounts, click the Log Onto button and select the allowed computers. Alternately you can restrict who can read and write to the computer in the computers properties security tab, however this is very heavy handed and restricts all access not just counsel level logins. Alternately you can move the computer to another container, such as the server container, and have a group policy that only certain people can log into computers in that container (Google active directory managing group policies, it gets tricky if you don't do it all the time) but this is the preferred method The KDC should not issue a certificate to a computer that it can not access. -----Original Message----- From: plug-discuss-bounces@lists.plug.phoenix.az.us [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Dan Lund Sent: Wednesday, July 25, 2007 9:05 PM To: Main PLUG discussion list Subject: Re: Rudimentary article on joining Linux to active directory You can do it under AD? I didn't realize that... what's the proper way? Forgive me, but it'd be nice to know this :) On 7/25/07, Bryan O'Neal wrote: > You restrict it using either the appropriate pam config, or two (the way > I do it) using windows active directory. I know, I am evil, I didn't > even try it under Linux, I went right to the authenticating server and > restricted it their using a nice windows gui that has worked for me for > so many years now... Sigh, > > Any one know a better answer? > > > > -----Original Message----- > From: plug-discuss-bounces@lists.plug.phoenix.az.us > [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Dan > Lund > Sent: Monday, July 23, 2007 9:07 AM > To: Main PLUG discussion list > Subject: Re: Rudimentary article on joining Linux to active directory > > Done this before, the one thing I want to know is how to make it so only > > a certain group or user can log in via the AD login information. > > > Bryan O'Neal wrote: > > > > This is clearly written from a windows users point of view, and is > > mildly simplistic, but it is not a bad article > > > > > > > > > http://searchwinit.techtarget.com/tip/0,289483,sid1_gci1264223,00.html?t > rack=NL-118&ad=596213&asrc=EM_NLN_1822926&uid=6232170 > > > track=NL-118&ad=596213&asrc=EM_NLN_1822926&uid=6232170> > > > > > > > > > > > > **Bryan O'Neal*** > > Cornerstone Homes & Development, Inc.* > > 4220 E. McDowell Rd Ste. #108 > > Mesa, AZ 85215 > > (480) 505-1900 > > > > > > > > > ------------------------------------------------------------------------ > > > > --------------------------------------------------- > > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > > To subscribe, unsubscribe, or to change your mail settings: > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > -- "Courage is like love; it must have hope to nourish it." -Napoleon Bonaparte --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss