Jack Mendez
2008-Mar-21 14:38 UTC
[Samba] refuse login from more then one machine at a time.
Hello listers, I am using samba 3.0.24 on Ubuntu. I need to deny users from logging on to the domain and any shares from more then one machine. The users are now able to login, walk over to another machine and log in again user the same username and password for as many machines as they like. I do want them to be able to login to any machine on the network so deny hosts won?t work for my solution. The sample scripts are not working properly in my environment and once I upgrade I understand they will not function at all. The max connections per share are not applicable because once the user provides the password they are already logged on to the domain. I need a complete, workable solution. Links to the scripts, http://lists.samba.org/archive/samba...il/119867.html and http://us3.samba.org/samba/docs/man/....html#id386516 in the archive as I said previously do not work. These are xp systems with all the patches in place. Thanks Jack
Ross S. W. Walker
2008-Mar-21 14:51 UTC
[Samba] refuse login from more then one machine at a time.
Jack Mendez wrote:> > Hello listers, > I am using samba 3.0.24 on Ubuntu. I need to deny users from logging on > to the domain and any shares from more then one machine. The users are > now able to login, walk over to another machine and log in again user the > same username and password for as many machines as they like. I do want > them to be able to login to any machine on the network so deny hosts won't > work for my solution. The sample scripts are not working properly in my > environment and once I upgrade I understand they will not function at all. > The max connections per share are not applicable because once the user > provides the password they are already logged on to the domain. I need a > complete, workable solution. Links to the scripts, > http://lists.samba.org/archive/samba...il/119867.html and > http://us3.samba.org/samba/docs/man/....html#id386516 in the archive as > I said previously do not work. These are xp systems with all the patches > in place.Jack, I think you are asking too much here and even if you manage to hack it to work there will be an overwhelming increase in the number of support calls as users will be mistakenly blocked from logging in due to either a hung session or a file share opened indirectly elsewhere. I have such a thing going here, but I am using thin clients on the desktops and a pool of terminal servers for users to log in to on the backend, combined with session directory and a group policy limit of 1 terminal session per user, but with full desktops you don't have that luxury. -Ross ______________________________________________________________________ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof.