Is it possible to trace Samba authenticated user? That is, after a user has been authenticated versus a Samba acting as PDC, is it possible to know if such user is still connected to the Microsoft network or they have been disconnected? What I would like to do is to use Samba as authentication server in order to grant the access to other services (for example Internet navigation through a proxy) and remove the access when such user disconnects from the network. Davide
Hi Davide, Samba is not really set up yet for 'auditing' services, which is what I think you're kinda looking for; HOWEVER, take a look at the 'pre-exec' and post-exec' options for the smb.conf file in the smb.conf man page; you can configure these to execute a program or script that would write to a file or database when the user logs in, and when he logs out, and use the resulting information to determine access to your other services if you like... Hope this helps, Don -----Original Message----- From: Davide Dozza [mailto:davide.dozza@yacme.com] Sent: Sunday, April 15, 2001 10:31 AM To: samba@lists.samba.org Subject: User authentication tracing Is it possible to trace Samba authenticated user? That is, after a user has been authenticated versus a Samba acting as PDC, is it possible to know if such user is still connected to the Microsoft network or they have been disconnected? What I would like to do is to use Samba as authentication server in order to grant the access to other services (for example Internet navigation through a proxy) and remove the access when such user disconnects from the network. Davide -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Hi Davide, You would probably just want to have them shot ;-) Just kidding... Actually if they do a proper shutdown of windows before turning the pc off, the os should disconnect any network drives as a part of it's graceful shutdown. If the REALLY just turn the power off, then they are asking for trouble anyway; but assuming that they do, you could use the "deadtime=" and "keepalive=" parameters to automatically disconnect clients that turn their pc's off after a specific amount of time. But read about these parameters in the man page, as they can also affect clients that are not turned off, but have no open files, and no activity to the server for a set period of time... Hope this helps, Don -----Original Message----- From: davide.dozza@yacme.com [mailto:davide.dozza@yacme.com] Sent: Tuesday, April 17, 2001 6:23 PM To: MCCALL,DON (HP-USA,ex1) Cc: samba@lists.samba.org Subject: Re: User authentication tracing Hi Don, this is really an useful tip, but how would you solve the problem for people who switch off the PC without disconnecting from the network? Ciao Davide "MCCALL,DON (HP-USA,ex1)" wrote:> > Hi Davide, > Samba is not really set up yet for 'auditing' services, which is what I > think you're > kinda looking for; > HOWEVER, take a look at the 'pre-exec' and post-exec' options for the > smb.conf file in the > smb.conf man page; you can configure these to execute a program or script > that would write > to a file or database when the user logs in, and when he logs out, and use > the resulting information to determine access to your other services ifyou> like... > Hope this helps, > Don > > -----Original Message----- > From: Davide Dozza [mailto:davide.dozza@yacme.com] > Sent: Sunday, April 15, 2001 10:31 AM > To: samba@lists.samba.org > Subject: User authentication tracing > > Is it possible to trace Samba authenticated user? > > That is, after a user has been authenticated versus a Samba acting > as PDC, is it possible to know if such user is still connected to the > Microsoft > network or they have been disconnected? > What I would like to do is to use Samba as authentication server in > order > to grant the access to other services (for example Internet navigation > through a proxy) and remove the access when such user disconnects > from the network. > > Davide > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Bill Moran wrote:> > >this is really an useful tip, but how would you solve the problem > >for people who switch off the PC without disconnecting from > >the network? > > I generally use a baseball bat. It's crude, but effective. > If you've got users who are hitting the power switch without properly > shutting down the PC, you've got bigger problems than zombie network > connections. I'd address the problem directly instead of trying to fix the > damage it does. > > -BillUhm, it doesn't look a bad idea. Unfortunately, the switching down is often due to Microsoft memory protection fault that forces the user to execute a hw reset. So it is unlikely I can convince users to put their hands on the desk in order to apply the baseball bat method.... -Davide -------------- next part -------------- A non-text attachment was scrubbed... Name: davide.dozza.vcf Type: text/x-vcard Size: 289 bytes Desc: Card for Davide Dozza Url : http://lists.samba.org/archive/samba/attachments/20010418/826c4026/davide.dozza.vcf
>this is really an useful tip, but how would you solve the problem >for people who switch off the PC without disconnecting from >the network?I generally use a baseball bat. It's crude, but effective. If you've got users who are hitting the power switch without properly shutting down the PC, you've got bigger problems than zombie network connections. I'd address the problem directly instead of trying to fix the damage it does. -Bill
Ahhh .... my mistake. I got a distinctly different idea from the post. In that case you've got a few options. Look at the "deadtime" and "keepalive" options in Samba's config. In the long run, the correct answer is still to address the real problem. Find the apps that are crashing and replace them or force the vendor to fix them. Unfortunately, that's not always an easy task. -Bill ---------- From: Davide Dozza Sent: Wednesday, April 18, 2001 7:59 AM To: Bill Moran Cc: MCCALL,DON (HP-USA,ex1); samba@lists.samba.org Subject: Re: User authentication tracing <<File: davide.dozza.vcf>> Bill Moran wrote:> > >this is really an useful tip, but how would you solve the problem > >for people who switch off the PC without disconnecting from > >the network? > > I generally use a baseball bat. It's crude, but effective. > If you've got users who are hitting the power switch without properly > shutting down the PC, you've got bigger problems than zombie network > connections. I'd address the problem directly instead of trying to fixthe> damage it does. > > -BillUhm, it doesn't look a bad idea. Unfortunately, the switching down is often due to Microsoft memory protection fault that forces the user to execute a hw reset. So it is unlikely I can convince users to put their hands on the desk in order to apply the baseball bat method.... -Davide