Re-2: [Samba] limit login

mups.cp mups.cp at gmail.com
Thu Sep 6 15:00:47 GMT 2007


I think that combining 'root preexec' with a script and 'utmp = Yes'
allows easily these checks.
the w command shows who is connect through smb. The script check this
before allow/deny the user.


On 9/6/07, Adam Tauno Williams <adamtaunowilliams at gmail.com> wrote:
> > > You are aware that once someone has logged in an
> > > administrator has to reset that account. This is *NOT*
> > > automatic if the user logs out from his first
> > > workstation. That functionality is impossible to achieve for
> > > us, Windows does not tell us when the user logs out.
> > Maybe I'm being naïve, or maybe it's just that I don't need this
> > functionality for anything, but I'd solve it by running regularly (every
> > hour, every ten minutes, whatever you determine appropriate) something
> > like this script:
> > #!/bin/bash
> > smbstatus -b | awk '{print "nobody = " $2}' > /etc/samba/smb.usermap
>
> No, this does not work.
>
> > Then set username map = /etc/samba/smb.usermap in smb.conf.  This should
> > cause any user who have a share mapped not to be able to authenticate
> > because their password is tested with the user nobody - until they are
> > logged out AND the script is run again.
> > Untested, and in need of refining, loose the top lines from smbstatus -b
> > for instance, but a start?
>
> The output of smbstatus is not terribly useful for this kind of purpose.
> You may see users listed after they have disconnected and you have to
> deal with that connections may drop and be recreated (deadtime, etc...)
> - none of which is tightly coupled with a logon/logoff event.  smbstatus
> doesn't provide sufficient information to solve the
> sign-on-to-single-workstation problem.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>


More information about the samba mailing list