[Samba] Is there a way to enforce a single login domain wide

Gémes Géza geza at kzsdabas.sulinet.hu
Tue Oct 14 12:42:36 GMT 2003

Hash: SHA1


you could write a root prexec script for your netlogon share, wich would
check for runing smbd with the uid of the connection, and return an
error if there is such. And specifying root prexec close = yes on the
netlogon share, you could deny them.
The danger is that because of blocked clients you would got lots of
frustrated clients.

Good Luck!

Geza Gemes

John H Terpstra írta:
| On Mon, 13 Oct 2003, Douglas Phillipson wrote:
|>I didn't get any hits on this.  Does that mean it's not possible???
|>Has anyone enforced a "single instance" login policy somehow?  Is this a
|>reasonable question to ask?
| This is not possible. There is no way to do this with MS Windows 200x
| server - and there is no way to do this with Samba.
| - John T.
|>Douglas Phillipson wrote:
|> > I would like to enforce a policy for a user being only able to login
|>once anywhere in the Domain.  When you use roaming profiles, the system
|>gets confused and leaves the local profile on the client PC if the same
|>user logs in on a second machine while they are still loggewd in on the
|>first one.  This then causes the Samba profile to NOT get updated on
|>logout.  If a user is currently logged on a domain, I need that user to
|>be refused if they logon to a second machine until they logoff the first
|>machine.  Is this possible with Samba, or would I use some sort of logon
|>script to query something and force the user off at their second login
|>attempt?  When this problem occurs you have to reboot the machine and
|>remove the users local profile so it will again use the roaming profile
|>on the samba DC.  Very irritating...
|> >
|> > Thanks
|> >
|> > DSP

Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list