[Samba] Authentication hook to run extra checks before allowing Windows login
Sebastian Arcus
s.arcus at open-t.co.uk
Fri Aug 30 23:02:23 UTC 2024
On 30/08/2024 18:51, spindles seven via samba wrote:
> On 30 August 2024 17:13 Sebastian Arcus wrote:
>>
>> Hello all. Does Samba in AD mode provide any sort hooks to run a script
>> when a user attempts to login, before replying to the authentication
>> attempt? I need to prevent certain users from being logged in from more
>> than one machine at the same time, and a script to check the username or
>> account against a previously saved record of which machine they last
>> logged in from and reject the authentication attempt might be able to
>> accomplish this. Any ideas much appreciated.
>>
>> Sebastian
>
> I don't think samba has any means to do this, and it's not built-in to AD, but take a look at this article for Windows client machines:
> https://learn.microsoft.com/en-us/archive/technet-wiki/37839.active-directory-limit-concurrent-user-logins?WT.mc_id=email
Hi and thank you for the reply and the info. I have already seen that
article, but I would prefer to run the scripts at the server and, and to
reject the authentication attempt during logon on the AD, not force the
machine to logoff after it has already logged on. I was thinking that if
there was a hook to run a script during the authentication request
against AD, I could use that to store the user, machine and session
information, and at subsequent authentication attempts to run checks if
the user has already logged on from another machine, and reject the
authentication attempt. Or something along these lines.
More information about the samba
mailing list