tracking user logins

jra at dp.samba.org jra at dp.samba.org
Wed Nov 27 17:56:39 GMT 2002


On Tue, Nov 26, 2002 at 10:26:46AM +0100, Alen Kovac wrote:
> Hello!
> 
> I'm running samba as PDC. I want to disable concurrent logins for
> users. (not to be able to login from more than one workstation at the
> same time) I haven't figured out how to disable this so I dig in to
> the samba sources.
> 
> I found that _net_sam_logon() is the place where I could check if
> users is logged in and in that case don't allow him to login.
> 
> rpc_server/srv_netlog_nt.c: _net_sam_logon()
> 
>   init_net_user_info3(p->mem_ctx, usr_info, sampass,
>                             0, /* logon_count */
>                             0, /* bad_pw_count */
>                             num_gids,    /* uint32 num_groups */
>                             gids    , /* DOM_GID *gids */
>                             0x20    , /* uint32 user_flgs (?) */
>                             NULL, /* char sess_key[16] */
>                             my_name     , /* char *logon_srv */
>                             my_workgroup, /* char *logon_dom */
>                             &global_sam_sid,     /* DOM_SID *dom_sid */
>                             NULL); /* char *other_sids */
> 
>    DEBUG(2, ("_net_sam_logon: [%s]", nt_username));
> 
>    if (_is_user_logged_in(nt_username)) {
>       DEBUG(2, ("mydebug: Concurrent logins not allowed [%s]", 
>                   nt_username));
>      pdb_free_sam(sampass);
>      return NT_STATUS_ACCOUNT_DISABLED;
>    } else {
>      _add_user_to_logged_in_list(nt_username);
>    }
>         
> I have the following problems; don't know where could I remove user
> from list when he logs out. _net_sam_logoff() isn't called, and second I
> would like to remove need for my list for tracking users if samba
> already do this.
> 
> So I would really need some pointers where to implement this check?

You need to store a record in a tdb somewhere that the user has
logged on so that another smbd running on the same PDC can check
at logon time. I suggest adding records to the sessions tdb.

Jeremy.



More information about the samba-technical mailing list