PAM, samba, and syslog
Andrew Bartlett
abartlet at pcug.org.au
Fri Jan 11 15:16:02 GMT 2002
I use the --with-utmp configure option (activated with utmp = yes in
smb.conf) for this kind of thing.
If you want to do it with PAM sessions, then compile --with-pam and set
'obey pam restrictions = yes' in you smb.conf and setup the appropritate
entries in /etc/pam.d/samba.
David Brodbeck wrote:
>
> If nothing else, it seems like you could do this with a preexec script on
> each share. Just run a command-line program that sent whatever you needed
> to syslog.
>
> -----Original Message-----
> From: Yan Seiner [mailto:yan at cardinalengineering.com]
> Sent: Thursday, January 10, 2002 7:21 PM
> To: samba at lists.samba.org
> Subject: PAM, samba, and syslog
>
> Is it possible to record who is logged onto a samba share in syslog?
>
> I am setting up a system where all users will log in to one samba
> server, then access samba shares on another server. All authentication
> is being done against the first samba server using pam_smb_auth.
You should not do it that way. Setup either security = server or
security = domain between the two servers, but don't force clients down
to plaintext just to refer logins.
(and set encrypt passwords = yes).
> I want to know if it's possible to tell pam to log successfull logins to
> syslog. I need to know who is logged in for security reasons.
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba
mailing list