Script to enforce client machine names

Sam Johnston samj at
Thu Nov 2 07:08:22 GMT 2000

Hello all,

Here's a perl script for enforcing a machine naming policy. It's called as a
[root] preexec and causes the connection to be closed on non zero return
with '[root] preexec close = yes'. Scans a list of exceptions, returning 0
if any match. Then runs regexps, returning 0 if any match. Then [sys]logs an
error and returns 1 (thus closing the connection). Hopefully someone else
will find it useful - even if only to have found out about one of the many
features that make samba so much better than microsoft smb servers.

 - samj

from smb.conf

        [root] preexec = /usr/sbin/checkname %m %I %U
        [root] preexec close = Yes

# Sam Johnston, Far Edge Technology (samj at
# checkname <machine> <ip> <user>
use Sys::Syslog qw(:DEFAULT setlogsock);

$m = lc($ARGV[0]);
$I = lc($ARGV[1]);
$U = lc($ARGV[2]);

#print "machine: $m ip: $I user: $U\n";

foreach $i ( 'office-dom', 'comms-dom', 'svr-dom', 'maint-dom' ) {
        if ($m eq $i) { exit 0; }

if ($m =~ /res[0-9]-dom/i) { exit 0; }
if ($m =~ /[1-3][a-h][1-9]-dom/i) { exit 0; }
if ($m =~ /[1-3]t[1-2]-dom/i) { exit 0; }

syslog('info', "samba: connection refused from $m ($I) connecting as $U");
exit 1;

More information about the samba mailing list