[Samba] Connection scripts with the 'prexec' clause

Shaun Marolf shaun.marolf at gmail.com
Mon Aug 14 20:16:57 GMT 2006

On Monday 14 August 2006 14:57, Maurice Forte wrote:
> Hi all,
> I am running Samba 3.0.20B on an AIX server with SECURITY=USER using an
> LDAP backend.    I am looking for a way to capture the actual
> username(%USER_NAME%) that
> the client user is logged onto his individual workstation with and compare
> it with the user(%u) they are connecting with the share as.    If they are
> different,  I want to reject the user's connection.   After doing some
> reading,  it appears that a connection script with the 'preexec' clause is
> the way to go but the Samba environment variables only can intrepret
> client's hostname, netbios name, and ip address.   Is there a way for me
> to capture the client's logon id(%USERNAME%) or accomplish this task
> another way?
> Thanks in advance,
> Maurice Forte

I believe you can use LDAP to handle the security measures you are talking 
about. I don't know how to set LDAP to do that but someone in a LDAP forum 

However, keep in mind such a scheme may cause an issue if you have users 
working on a shared project that is kept in one, or both, of their users 
folders on the server. You should allow users the option to let other users 
access their files if need be. Again I have no clue how to setup LDAP to 
handle this but I believe it can be done.


It isn't about it being free. Rather its about the freedom it brings.

More information about the samba mailing list