tracking user logins
jra at dp.samba.org
jra at dp.samba.org
Wed Nov 27 17:56:39 GMT 2002
On Tue, Nov 26, 2002 at 10:26:46AM +0100, Alen Kovac wrote:
> Hello!
>
> I'm running samba as PDC. I want to disable concurrent logins for
> users. (not to be able to login from more than one workstation at the
> same time) I haven't figured out how to disable this so I dig in to
> the samba sources.
>
> I found that _net_sam_logon() is the place where I could check if
> users is logged in and in that case don't allow him to login.
>
> rpc_server/srv_netlog_nt.c: _net_sam_logon()
>
> init_net_user_info3(p->mem_ctx, usr_info, sampass,
> 0, /* logon_count */
> 0, /* bad_pw_count */
> num_gids, /* uint32 num_groups */
> gids , /* DOM_GID *gids */
> 0x20 , /* uint32 user_flgs (?) */
> NULL, /* char sess_key[16] */
> my_name , /* char *logon_srv */
> my_workgroup, /* char *logon_dom */
> &global_sam_sid, /* DOM_SID *dom_sid */
> NULL); /* char *other_sids */
>
> DEBUG(2, ("_net_sam_logon: [%s]", nt_username));
>
> if (_is_user_logged_in(nt_username)) {
> DEBUG(2, ("mydebug: Concurrent logins not allowed [%s]",
> nt_username));
> pdb_free_sam(sampass);
> return NT_STATUS_ACCOUNT_DISABLED;
> } else {
> _add_user_to_logged_in_list(nt_username);
> }
>
> I have the following problems; don't know where could I remove user
> from list when he logs out. _net_sam_logoff() isn't called, and second I
> would like to remove need for my list for tracking users if samba
> already do this.
>
> So I would really need some pointers where to implement this check?
You need to store a record in a tdb somewhere that the user has
logged on so that another smbd running on the same PDC can check
at logon time. I suggest adding records to the sessions tdb.
Jeremy.
More information about the samba-technical
mailing list