powered by Jive Software

Openfire 4.1.6 with LDAP integration to AD and User-Workstation attribute

Hello

I have domain controller DC1 on win2008r2
I’ve installed on linux host OpenFire 4.1.6 and connected it to my AD via LDAP configuration (DC1 as LDAP host).
It works fine except only one issue - some AD users which have enabled User-Workstaion attribute in their AD settings on tab Account->“Log On to…” can’t login to Openfire with error - “not permitted to logon at this workstation”.

So again, for example - I have some “user1” and in his AD settings on tab Account->“Log On to…-> The following computers” - entered some hostname “computer1” from my LAN. Then OK-Apply.

After this user can login under his domain account only to this computer1.
And can’t login to Openfire in Psi client for example.

If I also add to this list “The following computers” server “DC1” - user can login to OpenFire successfuly.
But I have a lot of users with this user-workstation attribute enabled and don’t want add “DC1” manually to every user settings.

There are topics with similar issue and they adviced to configure domain policy on domain controller that allow logon to this domain controller.
But seems this workaround doesn’t work for users which haму user-workstation attribute is enabled.

So I’m looking for better solving for this issue, or best practics for this case.
Thank you.

Adding the DC that openfire is authenticating against is the only workaround that im aware of.