[Samba] Logon logging logs

Bill Arlofski waa-samba at revpol.com
Wed Mar 23 19:15:10 GMT 2005

My apologies for responding to my own message, but I was hoping that 
something that seems this simple would elicit some quick responses.

The short version is:  I need a method to log each user logon to a Samba 
PDC. Logging from a preexec script in the [netlogon] share works, but 
users are logged twice. Is there a correct way to do this so that each 
network logon is logged only once?

Original long version follows:

Bill Arlofski wrote:
> I'm looking for a simple solution to log a single entry for each login 
> to a Samba PDC.
> My current attempt(s) of using a root preexec script in either the 
> [netlogon] share definition or the [global] section are working, but not 
> exactly as expected.
> In [netlogon] I have an entry:
> root preexec = /path/to/script/makelogonscript.pl %g %u %m %I
> ...where makelogonscript.pl generates a customized logon script for each 
> user/group etc. AND, at the top of this script, a simple section has 
> been added to log to a logonlog.log file the following information:
> Date Time Primary_Group IP_Address machinename username
> So far so good. The problem I am seeing with this is that every time 
> someone logs into the domain, it appears that the [netlogon] share is 
> opened twice because this script writes two entries for each user, 
> usually about 4 seconds apart, sometimes about 10 seconds apart,  but I 
> have seen as high as 30 seconds or more.
> ie:
> 03-16-2005 12:14:00 group xx.xx.xx.xx  machinename username
> 03-16-2005 12:14:04 group xx.xx.xx.xx  machinename username
> Speaking in #samba on freenode we agreed that this might be because some 
> versions of Windows temporarily map a Z: drive to the netlogon share and 
> then work off of that during the logon process.
> OK, so next up was putting a simple root preexec logging script in the 
> [global] section of smb.conf
> Similar, but not exact results were found.
> Most domain logins were logged twice, some were only logged once. Also, 
> there are now some entries with "nobody" as the group and username but 
> these "nobody"  entries can be easily omitted from reports with 
> sed/grep/awk/perl/whatever so they are inconsequential. :)
> So, I guess my basic question is:
> Where in the logon process is the correct place to tell Samba to do 
> something (ie: run this script) but do it only once?
> Thanks for any help!
> -
> Bill Arlofski

Bill Arlofski
waa-samba at revpol.com
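
Added example, not part of the original message and not Samba code: a report-time filter that collapses the repeated entries described above into one line per logon. It assumes the log format quoted in the message (Date Time Primary_Group IP_Address machinename username); the 60-second window, the function names and the sample lines are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample in the format quoted in the message:
# Date Time Primary_Group IP_Address machinename username
SAMPLE_LOG = """\
03-16-2005 12:14:00 staff 192.0.2.10 WS01 alice
03-16-2005 12:14:04 staff 192.0.2.10 WS01 alice
03-16-2005 12:14:20 nobody 192.0.2.11 WS02 nobody
03-16-2005 12:15:02 Domain Users 192.0.2.11 WS02 bob
03-16-2005 12:15:32 Domain Users 192.0.2.11 WS02 bob
03-16-2005 13:40:10 staff 192.0.2.10 WS01 alice
garbled line
"""

def parse_entry(line):
    """Return (timestamp, (group, ip, machine, user)), or None if malformed."""
    fields = line.split()
    if len(fields) < 6:
        return None
    try:
        stamp = datetime.strptime(" ".join(fields[:2]), "%m-%d-%Y %H:%M:%S")
    except ValueError:
        return None
    # Group names may contain spaces, so take the last three fields from the right.
    return stamp, (" ".join(fields[2:-3]), fields[-3], fields[-2], fields[-1])

def collapse_logons(lines, window_seconds=60):
    """Keep one entry per logon: drop repeats of the same
    (group, ip, machine, user) within window_seconds of the kept entry."""
    window = timedelta(seconds=window_seconds)
    last_kept = {}  # key -> timestamp of the entry that was reported
    kept = []
    for line in lines:
        parsed = parse_entry(line)
        if parsed is None:
            continue  # skip lines that do not match the format
        stamp, key = parsed
        if key[0] == "nobody" or key[3] == "nobody":
            continue  # the "nobody" entries mentioned in the message
        previous = last_kept.get(key)
        if previous is not None and abs(stamp - previous) <= window:
            continue  # repeat connection belonging to the same logon
        last_kept[key] = stamp
        kept.append(line.strip())
    return kept

if __name__ == "__main__":
    for entry in collapse_logons(SAMPLE_LOG.splitlines()):
        print(entry)
```

A genuine second logon by the same user from the same machine inside the window is also collapsed, so the window should be only as wide as the gaps actually observed.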
