Tracking users logging in and out

[Dragos]

On Friday 25 January 2002 02:51 am, Yan Seiner wrote:
> Is your PDC a samba box?  I assume so from the discussion.  I am trying
> to do something similar; I want to open/close my firewall based on samba
> authentication.  For now, I'd rather err on the side of leniency, but if
> what you say is typical, it makes a shambles of my approach :-(
>
> Anyway, I have set up a /server/security share.  When a user logs in to
> it, the firewall opens to other services.  The user can then log into
> other samba servers; as long as any connections stay connected, the
> firewall stays open.  Once all connections are closed, the firewall
> closes and the user has to reconnect to the /server/security share to
> open the firewall.  This has worked well in limited tests (two servers,
> three clients) but based on your note, I wonder if it would work in the
> real world.
>
> My clients are Win9x and ME; I intentionally do not support Win NT/2K
> for domain logons.
>
> --Yan
>
> Antony Healey wrote:
> > > I don't see how you can discern the "intent" of the user.  Windows
> > > logins are share based.  If a user logs out intentionally, you want to
> > > log that.  If, however, he is logged out due to inactivity or because
> > > he has dicsonnected from a share like a printer, you don't want to log
> > > that.
> >
> > I understand what you're saying.
> >
> > What we want to log is when someone logs into the PDC, and then when they
> > log out again, whether by actually logging out, or being logged out due
> > to idling. Essentially, we want to know who is logged into what machine,
> > when and for how long.
> >
> > Unfortunately, using preexec and postexec in the [profiles] share records
> > a logon at logon, then closes after X minutes, then records a logon (to
> > [profiles]) at logoff, then closes X minutes later.
> >
> > > Wht I do is scan a samba server every 10 minutes, and look in the utmp
> > > file for any open connections.  If I find any, the user is still live.
> > > If I don't, he is logged out.
> >
> > This isn't true from my experience. I have seen that even though someone
> > has authenticated via the PDC and has opened profile, netlogon and homes,
> > eventually all these close, even though the user is still logged into the
> > PC.
> >
> > > Also, I've run some very informal testing, and an inactive share stayed
> > > connected overnight.  This is with Win98 and ME.
> >
> > In addition to the above, I've had instances where the user has
> > completely logged out, the machine has been rebooted, a new user logged
> > in, and utmp still says the user has a share open (and thus "logged in").
> > I'm finding utmp unreliable.
> >
> > Ideally, we'd like a "signal" or method which says "user has logged in"
> > at logon and "user has logged out" at logoff. I was thinking something
> > like syslog, but I'm open to any suggestions; it doesn't matter if it's
> > server or client based, it just needs to be accurate.
> >
> > > I don't know under what conditions an active connection would be
> > > connected and disconnected many times an hour.
> >
> > An example is that we automagically mount the users home directory as U:.
> > The user clicks on U:, opens their home, accesses a file and works on the
> > file locally for a while. During this time, the share closes. When
> > saving, the share automatically opens again. This can happen many times
> > in an hour (or session), and each one records as a logon and logoff.
> >
> > Regards,
> > Antony.
hello,
I have an parameter in my smb.conf "deadtime = 10"; it tells samba that after 
10 minutes of inactivity for a session, it should close it; so, when a user 
clicks on an network drive, windoze transparently connects him again, and 
after 10 minutes of inactivity...
It's good on system resources, it doesn't keep memory allocated when it isn't 
needed; but for your case maybe it shouldn't get set. Anyway, it's not 
entirely reliable, because if windoze freezes and gets reset, it never logs 
off...

hope this helps,
dragos