[Samba] deny second or multiple logins
Marcus Sobchak <lists at localguru.de>
lists at localguru.de
Wed Apr 4 16:35:47 GMT 2007
Hello Helmut,
Am Mittwoch, den 04.04.2007, 08:55 +0200 schrieb Helmut Hullen:
> Hallo, Marcus,
>
> Du meintest am 04.04.07 zum Thema Re: [Samba] deny second or multiple logins:
>
> >>> test "$RESULT" -eq 1 || exit 1
> >>> -------
>
> >> That's no good idea.
> >> Try
> >>
> >> test "$RESULT" -eq 0
> >>
> >> Then the return level is 0 (= ok) for 0 , and it's 1 (not ok) for 1
> >> or higher.
>
> > Hmmm, if the value of RESULUT is not 1 or higher,
>
> That's the DOS way ...
>
> > the scipt has to "exit 1" (not ok), which is correct, because in this
> > case the same userid tries to connect from different IPs.
>
> Your script returns with 1 also if $RESULT is 0.
> My version returns with 0 if $RESULT is 0, otherwise with 1 (if it's the
> last line in the script).
Okay, let's finish this 1 or 0 result question, because this is not the
main problem. The preexec parameter thing does not solve the problem of
denying multiple logins. The user is still able to login, but no shares
are mounted. And as I wrote in of my last emails, windows reconnects its
shares every few minutes. In this case, the script doesn't know anymore
which client PC was the user's first and therefore the script is
blocking all client PCs, the first client and all following clients (of
the user).
To avoid this one has to set lock files with username and IP. These
lock files could be removed with the postexec parameter. But what
happens if a client PCs crashes and doesn't disconnect its shares? The
postexec command will not run and if the user tries to connect from a
different machine (or his machine is getting a new IP by dhcp after
restart), the existing lock file is blocking the complete user. Any
other ideas? Did nobody solve this problem?
Ciao,
Marcus
More information about the samba
mailing list