Active Directory computer restriction


We have OpenFire 3.5.1 installed, and it’s integrated with MS Active Directory. We use the ‘Log On To’ attribute to define which computers our users can log on to. For users who aren’t restricted, Everything works fine. For users who are restricted to logging on to specific computers, we get an error, “Invalid Username or Password”. I’ve tested this by changing my own acount to be restricted to logging on to my own computer (then I get the same error). I’ve tried adding the OpenFire server to the list of allowed computers, and that didn’t help. Any ideas?

Have you given everyone permission to logon to the chat server. The server is the machine doing the authentication no the client machine.

Thank’s for the quick reply, Todd, but that was my first thought too - I had added the chat server to the list of allowed computers, but I still get the error.

you may want to turn on debug logs on the server, clear them right before you try to login then login. Post the error. Are there any logs on the AD side you could post as well.

Hi - I’ve posted a .txt file with the error (how do you paste text into this forum?) Anyway, I looked up the java error from line 9, and that is the error for not having the rights to log on from this computer. I now need to find out how, in AD, I can audit authentication attempts for a particular computer/user. Thanks for your help!
OpenFireDebugLog.txt (4387 Bytes)