Nagy Zoltan
2007-Feb-12 10:22 UTC
[Samba] domain logons - prevent multiple logins with the same account
hi i'm trying to solve this problem, i've came up with a solution, but i don't think that this is the best availibe method for this problem i read about that samba does provides a 'preexec' call that can prevent a share to be accessed, and i figured out, that with this i can reject access to a share if the user have already logged in from another maschine. and if i wrote the currently logged in computer name to a file on a share that can be accessed when the login is unsuccessfull, i can pop up a dialog on the client from the network logon script at client side when it detects that the user is trying to login to the domain twice, and write him where he have been logged in before. so..solution's logical outline: samba * [netlogon] * logon.bat * compare $home/.login_magic, $profile/.login_magic, if not the same, the client is trying to login twice.. pop-up message box with $home/.successfull_login_machine_name logoff user * this file check's %home%/.successfull_login_machine_name * [profiles] preexec close=yes preexec = prevent_multiple_logon.bash * if machine is the first login to the domain write machine name to $home/.successfull_login_machine_name write a random number to $home/.login_magic, $profile/.login_magic return ok else return false * [homes] not protected with preexec i haven't found a solution to prevent the client from logging in when the profile connection has been rejected, maybe i've missed the setting on the windows local security policy settings panel or i've missed a configuration option in my samba config? any suggestions? :) best regards, kirk
Ulf Norén
2007-Feb-12 10:35 UTC
[Samba] domain logons - prevent multiple logins with the same account
On Monday 12 February 2007 11:03, Nagy Zoltan wrote:> hi > > i'm trying to solve this problem, i've came up with a solution, but i don't > think that this is the best availibe method for this problem i read about > that samba does provides a 'preexec' call that can prevent a share to be > accessed, and i figured out, that with this i can reject access to a share > if the user have already logged in from another maschine. and if i wrote > the currently logged in computer name to a file on a share that can be > accessed when the login is unsuccessfull, i can pop up a dialog on the > client from the network logon script at client side when it detects that > the user is trying to login to the domain twice, and write him where he > have been logged in before. > > so..solution's logical outline: > samba > * [netlogon] > * logon.bat > * compare $home/.login_magic, $profile/.login_magic, if not the same, > the client is trying to login twice.. pop-up message box with > $home/.successfull_login_machine_name > logoff user > * this file check's %home%/.successfull_login_machine_name > * [profiles] > preexec close=yes > preexec = prevent_multiple_logon.bash > * if machine is the first login to the domain > write machine name to $home/.successfull_login_machine_name > write a random number to $home/.login_magic, $profile/.login_magic > return ok > else > return false > * [homes] > not protected with preexec > > i haven't found a solution to prevent the client from logging in when the > profile connection has been rejected, maybe i've missed the setting on the > windows local security policy settings panel > > or i've missed a configuration option in my samba config? > > > > any suggestions? :) > best regards, kirkI have done this. just put the preexec in the global scope. [global] . . preexec close=yes preexec = prevent_multiple_logon.bash . . [netlogon] /Ulf -- Ulf Nor?n IT-avd, Mittuniversitetet 0660-57899,070-5142781
Possibly Parallel Threads
- Is there a way to support both local and roaming profile with one server / domain?
- What triggers a make_user_info_map
- Winbind, cached logons and 'user persistency'...
- Winbind, cached logons and 'user persistency'...
- login generator always give login unsuccessfull