Once you enable general login/authentication via LDAP, how does one restrict to which machines a user can log in to? There must be a "standard" (ie: portable) way to do this... Thanks.