[Samba] Logon logging logs
waa-samba at revpol.com
Wed Mar 23 19:15:10 GMT 2005
My apologies for repsonding to my own message, but I was hoping that
something that seems this simple would elicit some quick responses.
The short version is: I need a method to log each user logon to a Samba
PDC. Logging from a preexec script in the [netlogon] share works, but
users are logged twice. Is there a correct way to do this so that each
network logon is logged only once?
Original long version follows:
Bill Arlofski wrote:
> I'm looking for a simple solution to log a single entry for each login
> to a Samba PDC.
> My current attempt(s) of using a root prexec script in either the
> [netlogon] share definition or the [global] section are working, but not
> exactly as expected.
> In [netlogon] I have an entry:
> root preexec = /path/to/script/makelogonscript.pl %g %u %m %I
> ...where makelogonscript.pl generates a customized logon script for each
> user/group etc. AND, at the top of this script, a simple section has
> been added to log to a logonlog.log file the following information:
> Date Time Primary_Group IP_Address machinename username
> So far so good. The problem I am seeing with this is that every time
> someone logs into the domain, it appears that the [netlogon] share is
> opened twice because this script writes two entries for each user,
> usually about 4 seconds apart, sometimes about 10 seconds apart, but I
> have seen as high as 30 seconds or more.
> 03-16-2005 12:14:00 group xx.xx.xx.xx machinename username
> 03-16-2005 12:14:04 group xx.xx.xx.xx machinename username
> Speaking in #samba on freenode we agreed that this might be because some
> versions of windows temporarily map a Z: drive to the netlogon share and
> then work off of that during the logon process.
> OK, so next up was putting a simple root preexec logging script in the
> [global] section of smb.conf
> Similar, but not exact results were found.
> Most domain logins were logged twice, some were only logged once. Also,
> there are now some entries with "nobody" as the group and username but
> these "nobody" entries can be easily omitted from reports with
> sed/grep/awk/perl/whatever so they are inconsequential. :)
> So, I guess my basic question is:
> Where in the logon process is the correct place to tell Samba to do
> something (ie: run this script) but do it only once?
> Thanks for any help!
> Bill Arlofski
waa-samba at revpol.com
More information about the samba