Login to SOGo with AD user who can login only to a few computers

NethServer Version: 7.8.2003
Module: SOGo

Hi friends,
I have a new problem with my SOGo server. I got it running with an AD connection, but the users in the AD are only allowed to log in to special computers. You can set this in Active Directory for each user at the account flag. I added the server to the login list but it doesn’t work. If I choose “Login to all computers” it’s no problem.
Does anybody have an idea?
@Andy_Wismer Perhaps you can help, you know a lot about Windows and Linux.

Thanks to all in advance

@m.traeumner

Hi Michael

Is SOGo running on the same NethServer as your AD, or are these two different NethServers?
Or is your AD on Windows?

For both the following would work:

You can “attack” this problem from two sides: users or workstations.
If you’re using a Windows based AD, setting this at the account flag won’t work, as SOGo doesn’t seem to know about this (I don’t use SOGo myself, I use NextCloud…), and it doesn’t work, as you found out.

There are certain things in Windows, especially in Windows AD, where the “everyone” permission IS needed, like the Profiles share, or Netlogon, if you’re using that. And there are a lot more…

So instead of at the user route, you can try the workstation route:

I’m assuming some workstations, like your own workstation / notebook, don’t need any restrictions.
On all “restricted” PCs you can do the following:

  1. Remove the “domain users” entry.
  2. Add in any needed users for this workstation, but don’t forget all users with “Administrative Functions”.
  3. Restart and test.

A bit more advanced:
You can create user-groups in AD for this… These groups can be used on all such restricted workstations.
Like using remotedesktopusers to allow home working or remote administration, not only for Domain Admins.

My 2 cents
Andy

Note:
Due to this being a Windows screenshot, I can’t simply change the language and display an English version. But the screen looks almost the same in any language, and anyone familiar with this will recognize what’s where…


Hi Andy,
thanks for your answer. I got it running now.

It’s a Windows AD and I’ve found a simple solution.
A SOGo login is like a remote login and you have to add the SOGo server to the list, but also the computer where you log in from. After adding it I was able to log in to SOGo.

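Added example, not part of the original thread or of SOGo/NethServer: when an LDAP bind against Windows AD is refused, the error text carries a hex sub-code in its `data` field, and `531` is the one that corresponds to the per-user “Log On To” workstation restriction discussed above. The sketch below decodes those sub-codes from log text; it assumes the directory's bind error text reaches a log you can read, and the sample lines (prefix, user names, DSID value) are constructed.

```python
import re

# AD sub-codes found in the "data" field of a refused LDAP bind (hex Win32 codes).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

BIND_ERROR = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")

# Constructed sample lines: the prefix is illustrative, only the AD error text matters.
SAMPLE_LOG = """\
sogod: bind failed for alice: 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 531, v1db1
sogod: bind failed for bob: 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1
sogod: login succeeded for carol
"""


def classify_bind_failures(log_text):
    """Return (line_number, subcode, meaning) for every AD bind failure found."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = BIND_ERROR.search(line)
        if match:
            code = match.group(1).lower()
            meaning = AD_BIND_SUBCODES.get(code, "unknown sub-code")
            findings.append((number, code, meaning))
    return findings


def workstation_restricted(log_text):
    """True if any failure is sub-code 531, the 'Log On To' restriction."""
    return any(code == "531" for _, code, _ in classify_bind_failures(log_text))


if __name__ == "__main__":
    for number, code, meaning in classify_bind_failures(SAMPLE_LOG):
        print(f"line {number}: data {code} -> {meaning}")
```

A `531` alongside a correct password points at the account's allowed-computers list rather than at the SOGo configuration, while `52e` points back at the credentials.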