[Samba] domain logons - prevent multiple logins with the same account

Nagy Zoltan nagy.zoltan at cit.hu
Mon Feb 12 10:03:16 GMT 2007


i'm trying to solve this problem, i've came up with a solution, but i don't think that this is the best availibe method for this problem
i read about that samba does provides a 'preexec' call that can prevent a share to be accessed, and i figured out, that with this i can
reject access to a share if the user have already logged in from another maschine.
and if i wrote the currently logged in computer name to a file on a share that can be accessed when the login is unsuccessfull,
i can pop up a dialog on the client from the network logon script at client side when it detects that the user is trying to login to the domain
twice, and write him where he have been logged in before.

so..solution's logical outline:
	* [netlogon]
		* logon.bat
			* compare  $home/.login_magic, $profile/.login_magic, if not the same, the client is trying to login twice..
				pop-up message box with $home/.successfull_login_machine_name
				logoff user
			* this file check's %home%/.successfull_login_machine_name
	* [profiles]
		preexec close=yes
		preexec = prevent_multiple_logon.bash
			* if machine is the first login to the domain
					write machine name to $home/.successfull_login_machine_name
					write a random number to $home/.login_magic, $profile/.login_magic
					return ok
					return false
	* [homes]
		not protected with preexec

i haven't found a solution to prevent the client from logging in when the profile connection has been rejected,
maybe i've missed the setting on the windows local security policy settings panel

or i've missed a configuration option in my samba config?

any suggestions? :)
best regards, kirk

More information about the samba mailing list