[Samba] preexec scripts allowing logon under all conditions in 3.0.1
Douglas Phillipson
phillipd at oem.doe.gov
Thu Oct 16 21:23:32 GMT 2003
In an attempt to enforce a single login domain wide. I think preexec
scripts will work but when I test a script that returns a "1" the log
says I get denied but I still get logged in. Here is the info:
-----------------------------------------------------------------------------------------------
[netlogon]
comment = Network Logon Service
preexec close = yes
root preexec close = yes
preexec = /home/profiles/test.sh
root preexec = /home/profiles/test.sh
# root preexec = csh -c 'if [ -f /home/%u/.loggedon ] exit 0'
path = /home/netlogon
guest ok = no
writable = no
create mask = 0600
directory mask = 0700
----------------------------------------------------------------------------------------------
The script test.sh is just:
#!/bin/sh
#
exit 1
--------------------------------------------------------------------------------------------
The samba log says:
root preexec gave 1 - connection failing
Closed connection to service netlogon
But I still get logged on.
If I change the "1" to a "4" I get
root preexec gave 4 - connection failing
Closed connection to service netlogon
But I still get logged on.
If I change the "1" to a "0" I get no entry in the log and get logged
on. The parameter appears to be acknowledged but won't prevent a logon.
Any suggestions would be appreciated.
Regards
DSP
More information about the samba
mailing list