[Samba] Session Control Through LDAP/SAMBA
José M. Fandiño
samba at fadesa.es
Tue Apr 12 12:11:38 GMT 2005
John H Terpstra wrote:
>
> On Monday 11 April 2005 10:02, Donald Gunn wrote:
> > I need to limit certain users to logging in just once
> > Can it be done through LDAP/SAMBA?
>
> You would need to create a script that is executed by the "root preexec"
> facility to cause mutiple connections to be disallowed. It can be done,
> though I am not aware of any scripts that are available from currently
> contributed sources that permit this.
A workaround I use is a preexec script. Basically I run smbstatus to see if
there are shares with the username running and if so I reject all new connections
for this user.
AFAIK it isn't a perfect solution because windows auto-logout can give
the impression that a particular share isn't being used, but it works
surprisingly well as far as one share of the first session remains open
by the user.
I'd like to know other solutions, if any.
Thank you.
[netlogon]
preexec = /tmp/chk %u
preexec close = Yes
[...]
[homes]
preexec = /tmp/chk %u
preexec close = Yes
[...]
[technicians]
preexec = /tmp/chk %u
preexec close = Yes
[...]
[...]
/--------/
# cat /tmp/chk
#!/bin/bash
IFS="-"
RESULT=$(smbstatus -S -u $1 2> /dev/null | awk 'NF > 6 {print $1}' | sort | uniq -d)
if [ "X${RESULT}" == X ]; then
exit 0
else
exit 1
fi
--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/IT d- s+:+() a31 C+++ UBL+++$ P+ L+++ E--- W++ N+ o++ K- w---
O+ M+ V- PS+ PE+ Y++ PGP+>+++ t+ 5 X+$ R- tv-- b+++ DI D++>+++
G++ e- h+(++) !r !z
------END GEEK CODE BLOCK------
More information about the samba
mailing list