Tracking users logging in and out

[Yan Seiner]

Is your PDC a samba box?  I assume so from the discussion.  I am trying
to do something similar; I want to open/close my firewall based on samba
authentication.  For now, I'd rather err on the side of leniency, but if
what you say is typical, it makes a shambles of my approach :-(

Anyway, I have set up a /server/security share.  When a user logs in to
it, the firewall opens to other services.  The user can then log into
other samba servers; as long as any connections stay connected, the
firewall stays open.  Once all connections are closed, the firewall
closes and the user has to reconnect to the /server/security share to
open the firewall.  This has worked well in limited tests (two servers,
three clients) but based on your note, I wonder if it would work in the
real world.

My clients are Win9x and ME; I intentionally do not support Win NT/2K
for domain logons.

--Yan

Antony Healey wrote:
> 
> > I don't see how you can discern the "intent" of the user.  Windows
> > logins are share based.  If a user logs out intentionally, you want to
> > log that.  If, however, he is logged out due to inactivity or because he
> > has dicsonnected from a share like a printer, you don't want to log
> > that.
> 
> I understand what you're saying.
> 
> What we want to log is when someone logs into the PDC, and then when they
> log out again, whether by actually logging out, or being logged out due to
> idling. Essentially, we want to know who is logged into what machine, when
> and for how long.
> 
> Unfortunately, using preexec and postexec in the [profiles] share records a
> logon at logon, then closes after X minutes, then records a logon (to
> [profiles]) at logoff, then closes X minutes later.
> 
> > Wht I do is scan a samba server every 10 minutes, and look in the utmp
> > file for any open connections.  If I find any, the user is still live.
> > If I don't, he is logged out.
> 
> This isn't true from my experience. I have seen that even though someone has
> authenticated via the PDC and has opened profile, netlogon and homes,
> eventually all these close, even though the user is still logged into the
> PC.
> 
> > Also, I've run some very informal testing, and an inactive share stayed
> > connected overnight.  This is with Win98 and ME.
> 
> In addition to the above, I've had instances where the user has completely
> logged out, the machine has been rebooted, a new user logged in, and utmp
> still says the user has a share open (and thus "logged in"). I'm finding
> utmp unreliable.
> 
> Ideally, we'd like a "signal" or method which says "user has logged in" at
> logon and "user has logged out" at logoff. I was thinking something like
> syslog, but I'm open to any suggestions; it doesn't matter if it's server or
> client based, it just needs to be accurate.
> 
> > I don't know under what conditions an active connection would be
> > connected and disconnected many times an hour.
> 
> An example is that we automagically mount the users home directory as U:.
> The user clicks on U:, opens their home, accesses a file and works on the
> file locally for a while. During this time, the share closes. When saving,
> the share automatically opens again. This can happen many times in an hour
> (or session), and each one records as a logon and logoff.
> 
> Regards,
> Antony.
> -----
> Unix Systems Administrator
> School of Computing & IT
> University of Western Sydney
> Phone: (02) 4736 0771
> Fax: (02) 4736 0770
> 
> Programmer (n): One who makes the lies the salesman told come true.
> 
> She said she had nothing to wear. I smiled.
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
Daddy, did all the hair that fell off your head stick to your arms?
Akari, age 4
 ... 
 oberon.cardhome.lan: 7:41pm up 5 days, 7:33, 6 users, load average:
0.19, 0.26, 0.16