samba - Dec 2017 - problem with net sam set workstations

Sometime ago had migrated from a PDC (samba3) to an AD (samba4)
environment. In the PDC environment setting the allowed workstations
for each user was done with the "net sam set workstations" command and
could also easily be unset (using "" as the last argument).

I now wish to move to a GPO for login control but removing the
limitations put in place are no longer working - I can change the
allowed workstations with "net sam set workstations" but can no longer
remove them:

net sam setworkstations user ""
or
net sam setworkstations user ''

no longer works to remove the assigned list.

Currently on 4.6.6.

In addition to not finding a workaround to unset allowed workstations
in "Log On To" the command "net sam list workstations"
provides the
same output as "net sam list users" - both list all users and member
workstations.


On Mon, Dec 11, 2017 at 10:36 AM, Sonic <sonicsmith at gmail.com>
wrote:
> Sometime ago had migrated from a PDC (samba3) to an AD (samba4)
> environment. In the PDC environment setting the allowed workstations
> for each user was done with the "net sam set workstations"
command and
> could also easily be unset (using "" as the last argument).
>
> I now wish to move to a GPO for login control but removing the
> limitations put in place are no longer working - I can change the
> allowed workstations with "net sam set workstations" but can no
longer
> remove them:
>
> net sam setworkstations user ""
> or
> net sam setworkstations user ''
>
> no longer works to remove the assigned list.
>
> Currently on 4.6.6.