[Samba] Session Control Through LDAP/SAMBA

José M. Fandiño samba at fadesa.es
Tue Apr 12 12:11:38 GMT 2005

John H Terpstra wrote:
> On Monday 11 April 2005 10:02, Donald Gunn wrote:
> > I need to limit certain users to  logging in just once
> > Can it be done through LDAP/SAMBA?
> You would need to create a script that is executed by the "root preexec"
> facility to cause mutiple connections to be disallowed. It can be done,
> though I am not aware of any scripts that are available from currently
> contributed sources that permit this.

A workaround I use is a preexec script. Basically I run smbstatus to see if 
there are shares with the username running and if so I reject all new connections
for this user. 

AFAIK it isn't a perfect solution because windows auto-logout can give 
the impression that a particular share isn't being used, but it works
surprisingly well as far as one share of the first session remains open
by the user.

I'd like to know other solutions, if any. 
Thank you.

        preexec = /tmp/chk %u
        preexec close = Yes

        preexec = /tmp/chk %u
        preexec close = Yes

        preexec = /tmp/chk %u
        preexec close = Yes



# cat /tmp/chk

RESULT=$(smbstatus -S -u $1 2> /dev/null | awk 'NF > 6 {print $1}' | sort | uniq -d)

if [ "X${RESULT}" == X  ]; then
  exit 0
  exit 1

Version: 3.1
GCS/IT d- s+:+() a31 C+++ UBL+++$ P+ L+++ E--- W++ N+ o++ K- w---
O+ M+ V- PS+ PE+ Y++ PGP+>+++ t+ 5 X+$ R- tv-- b+++ DI D++>+++
G++ e- h+(++) !r !z

More information about the samba mailing list