logging connections (and dead time parameter)

John Harper harper at banks.scar.utoronto.ca
Thu Jun 11 19:24:47 GMT 1998

Now that I have the Samba NTDOM code up and running as a PDC I would
really like to be able to log connections from our lab machines.
One would think this should be easy given that the NT client machine is
obviously aware that a user is logging in and also later logging out,
but it seems that from the Samba side this is rather more difficult (at
least presently). I presume the samba server is aware of the login
(because it must do the authentication*), but I don't know if the client
passes any info back about the logout. If that were so, is it possible
that hooks might be added to samba to allow logging these events?

*does it look different when coming from an NT client versus another
Samba server that is in security=server mode? If not then this is toast. 

The problem seems compounded by the fact that neither of the shares
served by a PDC (profiles and netlogon) has the same lifetime as the
user session. The client will hold the connections to these shares open
even after the user logs out, so if you want to reliably login the next
user in you have to name the profile share something like p:%U. But
since netlogon is a fixed name, it may not disconnect at all and you
can't work around it - and I need the client to connect to it each time
to trigger the root preexec I use to generate a login.bat file on the
fly (since I have 6000 users, I don't want to store everyone's batch

Does anyone know a way to force an NT client to disconnect all shares
upon user logout?

My solution was to set the dead time parameter to the smallest possible
value (1 minute), but this still leaves a problem if another user tries
to login right away.

I tried to solve the logging problem by using postexec's on the profile
share: when the user connects the share is opened to read the profile,
after the files are closed the share times out a minute later and the
post exec runs. When the user logs out of the client, the share is
reopened to write the profile, and again it dies after a minute idle and
the postexec again runs. I try to tell the difference between the two
execs (login vs logout) of the program by examining the mod time of the
NTUSER.dat file (if recently modified, then this is a logout).

This is all very kludgy...but it seems to work as long as sessions are
longer than a minute and users don't log in right away. (Of 

So.... could it be made possible to set the dead time param to 0 and
mean disconnect immediately? (currently 0 means never disconnect), or
could some other param be added that specifies on a per share basis to
drop the connection as soon as all files are closed?

Or is there some better way to accomplish all of this?


John Harper
Academic Computing Coordinator
University of Toronto at Scarborough
harper at scar.utoronto.ca

More information about the samba-ntdom mailing list