yes please this would fix problems with have with user loggin on at one end of the site then at the other later. -------- Original Message -------- Subject: Re: [Samba] limit login (05-Sep-2007 10:52) From: Volker.Lendecke@SerNet.DE To: damiend@mckennagroup.co.uk> Hi! > > On Wed, Sep 05, 2007 at 11:08:31AM +0200, Pascal Legrand wrote: > > > i'm looking for a solution to limit the login of a user . > > > > i mean when a user is already loged on one machine, it's not possible > > for him to log twice on an other machine at the same time. > > > > > > is there a way to do that ?? > > As discussed on irc: I've once written these logon_once > patches which don't apply cleanly anymore. There hasn't been > much interest at that time, so it has not been applied > upstream. You are one now, anybody else? > > Volker > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > To: Pascal.Legrand@univ-orleans.fr > Cc: samba@lists.samba.org > samba-technical@samba.orgCc: samba@lists.samba.org samba-technical@samba.org
Hallo, Volker, Du (Volker.Lendecke) meintest am 05.09.07:>> yes please this would fix problems with have with user >> loggin on at one end of the site then at the other later.> Just to make sure:> You are aware that once someone has logged in an > administrator has to reset that account. This is *NOT* > automatic if the user logs out from his first > workstation. That functionality is impossible to achieve for > us, Windows does not tell us when the user logs out.Can a "postexec" line help? Viele Gruesse! Helmut
On Wed, Sep 05, 2007 at 02:38:00PM +0200, Helmut Hullen wrote:> > You are aware that once someone has logged in an > > administrator has to reset that account. This is *NOT* > > automatic if the user logs out from his first > > workstation. That functionality is impossible to achieve for > > us, Windows does not tell us when the user logs out. > > Can a "postexec" line help?No. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20070905/3c8e5d5f/attachment.bin
On Wed, Sep 05, 2007 at 12:14:25PM +0000, damiend@mckennagroup.co.uk wrote:> yes please this would fix problems with have with user > loggin on at one end of the site then at the other later.Just to make sure: You are aware that once someone has logged in an administrator has to reset that account. This is *NOT* automatic if the user logs out from his first workstation. That functionality is impossible to achieve for us, Windows does not tell us when the user logs out. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20070905/b8b7b7ce/attachment-0001.bin
Volker Lendecke wrote:> On Wed, Sep 05, 2007 at 12:14:25PM +0000, damiend@mckennagroup.co.uk wrote: > >> yes please this would fix problems with have with user >> loggin on at one end of the site then at the other later. > > Just to make sure: > > You are aware that once someone has logged in an > administrator has to reset that account. This is *NOT* > automatic if the user logs out from his first > workstation. That functionality is impossible to achieve for > us, Windows does not tell us when the user logs out.Maybe I'm being na?ve, or maybe it's just that I don't need this functionality for anything, but I'd solve it by running regularly (every hour, every ten minutes, whatever you determine appropriate) something like this script: #!/bin/bash smbstatus -b | awk '{print "nobody = " $2}' > /etc/samba/smb.usermap Then set username map = /etc/samba/smb.usermap in smb.conf. This should cause any user who have a share mapped not to be able to authenticate because their password is tested with the user nobody - until they are logged out AND the script is run again. Untested, and in need of refining, loose the top lines from smbstatus -b for instance, but a start? -BT -- Bj?rn Tore Sund Phone: 555-84894 Email: bjorn.sund@it.uib.no IT department VIP: 81724 Support: http://bs.uib.no Univ. of Bergen When in fear and when in doubt, run in circles, scream and shout.