[Samba] Is there a way to enforce a single login domain wide
Douglas Phillipson
phillipd at oem.doe.gov
Tue Oct 14 21:07:13 GMT 2003
I just tested the process/uid check theory. Upon initail login the new
smbd process is owned by the user but with no activity on any shares
it switches to being owned by root in a minute. I guess I could use a
script to touch a file with the users login name or uid and just check
for that upon login and remove it on logout...
Anyone have any better ideas?
DSP
Gémes Géza wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I.M.H.O
>
> you could write a root prexec script for your netlogon share, wich would
> check for runing smbd with the uid of the connection, and return an
> error if there is such. And specifying root prexec close = yes on the
> netlogon share, you could deny them.
> The danger is that because of blocked clients you would got lots of
> frustrated clients.
>
> Good Luck!
>
> Geza Gemes
>
> John H Terpstra írta:
> | On Mon, 13 Oct 2003, Douglas Phillipson wrote:
> |
> |
> |>I didn't get any hits on this. Does that mean it's not possible???
> |>Has anyone enforced a "single instance" login policy somehow? Is this a
> |>reasonable question to ask?
> |
> |
> | This is not possible. There is no way to do this with MS Windows 200x
> | server - and there is no way to do this with Samba.
> |
> | - John T.
> |
> |
> |>DSP
> |>
> |>Douglas Phillipson wrote:
> |>
> |> > I would like to enforce a policy for a user being only able to login
> |>once anywhere in the Domain. When you use roaming profiles, the system
> |>gets confused and leaves the local profile on the client PC if the same
> |>user logs in on a second machine while they are still loggewd in on the
> |>first one. This then causes the Samba profile to NOT get updated on
> |>logout. If a user is currently logged on a domain, I need that user to
> |>be refused if they logon to a second machine until they logoff the first
> |>machine. Is this possible with Samba, or would I use some sort of logon
> |>script to query something and force the user off at their second login
> |>attempt? When this problem occurs you have to reboot the machine and
> |>remove the users local profile so it will again use the roaming profile
> |>on the samba DC. Very irritating...
> |> >
> |> > Thanks
> |> >
> |> > DSP
> |>
> |>
> |
> |
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQE/i+88/PxuIn+i1pIRAi+fAJ0Yc/e6H8MyKxc0z8s1FnWhLsFVyACgh7vh
> G3SEihFi0OPiVpUSvBFZZvA=
> =SjHf
> -----END PGP SIGNATURE-----
>
>
>
More information about the samba
mailing list