Tracking users logging in and out

Antony Healey antony at cit.uws.edu.au
Thu Jan 24 16:28:03 GMT 2002


> I don't see how you can discern the "intent" of the user.  Windows
> logins are share based.  If a user logs out intentionally, you want to
> log that.  If, however, he is logged out due to inactivity or because he
> has disconnected from a share like a printer, you don't want to log
> that.

I understand what you're saying.

What we want to log is when someone logs into the PDC, and then when they
log out again, whether by actually logging out, or being logged out due to
idling. Essentially, we want to know who is logged into what machine, when
and for how long.

Unfortunately, using preexec and postexec in the [profiles] share records a
logon at logon, then closes after X minutes, then records a logon (to
[profiles]) at logoff, then closes X minutes later.


> What I do is scan a samba server every 10 minutes, and look in the utmp
> file for any open connections.  If I find any, the user is still live.
> If I don't, he is logged out.

This isn't true from my experience. I have seen that even though someone has
authenticated via the PDC and has opened profile, netlogon and homes,
eventually all these close, even though the user is still logged into the
PC.


> Also, I've run some very informal testing, and an inactive share stayed
> connected overnight.  This is with Win98 and ME.

In addition to the above, I've had instances where the user has completely
logged out, the machine has been rebooted, a new user logged in, and utmp
still says the user has a share open (and thus "logged in"). I'm finding
utmp unreliable.

Ideally, we'd like a "signal" or method which says "user has logged in" at
logon and "user has logged out" at logoff. I was thinking something like
syslog, but I'm open to any suggestions; it doesn't matter if it's server or
client based, it just needs to be accurate.


> I don't know under what conditions an active connection would be
> connected and disconnected many times an hour.

An example is that we automagically mount the user's home directory as U:.
The user clicks on U:, opens their home, accesses a file and works on the
file locally for a while. During this time, the share closes. When saving,
the share automatically opens again. This can happen many times in an hour
(or session), and each one records as a logon and logoff.


Regards,
Antony.
-----
Unix Systems Administrator
School of Computing & IT
University of Western Sydney
Phone: (02) 4736 0771
Fax: (02) 4736 0770

Programmer (n): One who makes the lies the salesman told come true.

She said she had nothing to wear. I smiled.
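
Added example, not part of the original message: a sketch of post-processing the connect/disconnect records that preexec/postexec hooks would write, so that shares idling out and reopening (the U: case above) collapse into one approximate session per user and machine. The log line format, the sample data, and the 45-minute `max_gap` are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample: lines a preexec/postexec hook might write (format is an assumption).
SAMPLE_LOG = """\
2002-01-24T09:00:05 connect user=alice machine=pc12 share=profiles
2002-01-24T09:00:06 connect user=alice machine=pc12 share=homes
2002-01-24T09:10:05 disconnect user=alice machine=pc12 share=profiles
2002-01-24T09:15:06 disconnect user=alice machine=pc12 share=homes
2002-01-24T09:40:00 connect user=alice machine=pc12 share=homes
2002-01-24T09:50:00 disconnect user=alice machine=pc12 share=homes
2002-01-24T11:30:00 connect user=alice machine=pc12 share=profiles
2002-01-24T11:40:00 disconnect user=alice machine=pc12 share=profiles
2002-01-24T13:00:00 connect user=bob machine=pc12 share=profiles
"""

def parse(line):
    """Return (timestamp, action, {key: value}) for one log line."""
    stamp, action, *pairs = line.split()
    return datetime.fromisoformat(stamp), action, dict(p.split("=", 1) for p in pairs)

def sessions(log_text, max_gap=timedelta(minutes=45)):
    """Merge share events per machine into approximate user sessions.

    Events closer together than max_gap extend the current session, so a
    share that idles out and reopens is not counted as a new logon. A
    different user appearing on the same machine ends the previous session.
    Input lines are assumed to be in chronological order.
    """
    open_by_machine = {}   # machine -> [user, first_seen, last_seen]
    done = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts, _action, fields = parse(line)
        user, machine = fields["user"], fields["machine"]
        cur = open_by_machine.get(machine)
        if cur and (cur[0] != user or ts - cur[2] > max_gap):
            done.append((cur[0], machine, cur[1], cur[2]))
            cur = None
        if cur is None:
            open_by_machine[machine] = [user, ts, ts]
        else:
            cur[2] = ts
    done += [(u, m, a, b) for m, (u, a, b) in open_by_machine.items()]
    return sorted(done, key=lambda s: s[2])

if __name__ == "__main__":
    for user, machine, start, end in sessions(SAMPLE_LOG):
        print(f"{user}@{machine}: {start} -> {end} ({end - start})")
```

The result is only as accurate as the gap heuristic: a user who stays logged in without touching any share for longer than `max_gap` is reported as two sessions.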




