Tracking users logging in and out
Andrew Bartlett
abartlet at pcug.org.au
Thu Jan 24 14:45:03 GMT 2002
Yan Seiner wrote:
>
> Andrew Bartlett wrote:
>
> >Yan Seiner wrote:
> >
> >>Andrew Bartlett wrote:
> >>
> >>>Yan Seiner wrote:
> >>>
> >>>>1) compile with --with-utmp, then track that.
> >>>>2) use preexec & postexec, and require users to log on to a specific
> >>>>share. This may not work right, though.
> >>>>
> >>>>Good luck!
> >>>>
> >>>You can also compile --with-pam, and enable a pam sessions module to do
> >>>the trick (obey pam restrictions = yes needs to be set in your smb.conf
> >>>as well).
> >>>
> >>My understanding, though, is that this will require win clients to log
> >>in with unencrypted passwords. Is that not correct? I'd love to use
> >>pam if I could, as I could do wonders with things like pam_warn and
> >>pam_smb.
> >>
> >
> >This is correct for Samba's traditional PAM support. I did some work on
> >samba almost a year ago that allows samba to call on PAM's other
> >features, including account managment and session tracking - even when
> >we use encrypted passwords.
> >
> Hah! Is this documented anywhere? How do I enable this
> "non-traditional" support? Do I need to do anything special in
> smb.conf? Or is it just a matter of properly setting up the pam conf files?
You need 'obey pam restrictions = yes' in your smb.conf - there should
be a small drop of documentation there...
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba
mailing list