[Samba] deny second or multiple logins - Samba

This is a discussion on [Samba] deny second or multiple logins - Samba ; Hi, I'd like to deny multiple logins to a samba domain. I already searched the archive and found some threads about it. This one seems to be a good idea: http://lists.samba.org/archive/samba...il/119867.html Does anyone know where to find such scipt examples? ...

+ Reply to Thread
Results 1 to 14 of 14

Thread: [Samba] deny second or multiple logins

  1. [Samba] deny second or multiple logins

    Hi,

    I'd like to deny multiple logins to a samba domain. I already searched
    the archive and found some threads about it. This one seems to be a good
    idea:

    http://lists.samba.org/archive/samba...il/119867.html

    Does anyone know where to find such scipt examples?

    Thanks,
    Marcus


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] deny second or multiple logins

    > I'd like to deny multiple logins to a samba domain. I already searched
    > the archive and found some threads about it. This one seems to be a good
    > idea:
    >
    > http://lists.samba.org/archive/samba...il/119867.html
    >
    > Does anyone know where to find such scipt examples?


    You can try here.
    http://us3.samba.org/samba/docs/man/....html#id386516

    Regards,

    Freitas
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  3. Re: [Samba] deny second or multiple logins

    Hallo, Marcus,

    Du (lists) meintest am 01.04.07:

    > I'd like to deny multiple logins to a samba domain. I already
    > searched the archive and found some threads about it. This one seems
    > to be a good idea:


    > http://lists.samba.org/archive/samba...il/119867.html


    > Does anyone know where to find such scipt examples?


    What about "max connections" for the desired shares?

    Viele Gruesse!
    Helmut
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  4. Re: [Samba] deny second or multiple logins

    Hi,

    Am Sonntag, den 01.04.2007, 10:49 -0300 schrieb Freitas:
    > > I'd like to deny multiple logins to a samba domain. I already searched
    > > the archive and found some threads about it. This one seems to be a good
    > > idea:
    > >
    > > http://lists.samba.org/archive/samba...il/119867.html
    > >
    > > Does anyone know where to find such scipt examples?

    >
    > You can try here.
    > http://us3.samba.org/samba/docs/man/....html#id386516



    Ah, great link. I was playing with smbstatus in these minutes :-) I'd
    like to put the preexec script paramteter to global or to netlogon
    section, not to a user's share section. What's best location?.

    At my netlogon section there is already the following line to create
    dynamic login scripts:

    root preexec = /usr/local/bin/make_logon_script '%m' '%U' '%a' '%g' '%
    L'

    How do I combine these two lines? The script PermitSingleLogon.sh should
    be executed before my old make_logon_script and if the return is 1 the
    login process should be aborted completely.

    Thanks,
    Marcus


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  5. Re: [Samba] deny second or multiple logins

    Am Sonntag, den 01.04.2007, 16:10 +0200 schrieb Helmut Hullen:
    > Hallo, Marcus,
    >
    > Du (lists) meintest am 01.04.07:
    >
    > > I'd like to deny multiple logins to a samba domain. I already
    > > searched the archive and found some threads about it. This one seems
    > > to be a good idea:

    >
    > > http://lists.samba.org/archive/samba...il/119867.html

    >
    > > Does anyone know where to find such scipt examples?

    >
    > What about "max connections" for the desired shares?


    But then the user is already logged in :-) The user should be stoped one
    step before.

    Ciao!


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  6. Re: [Samba] deny second or multiple logins

    Freitas wrote:

    > You can try here.
    > http://us3.samba.org/samba/docs/man/....html#id386516


    Sorry for being so stupid but how should this working?


    From the above link:

    preexec script = /sbin/PermitSingleLogon.sh

    Okay, this script is called without parameters before the share is opened.


    Here the script from the above link:

    #!/bin/bash

    IFS="-"
    RESULT=$(smbstatus -S -u $1 2> /dev/null | awk 'NF \
    > 6 {print $1}' | sort | uniq -d)


    if [ "X${RESULT}" == X ]; then
    exit 0
    else
    exit 1
    fi


    smbstatus is called with '-u $1' (user). But no parameter for the user
    is given in the preexec script and so $1 is empty.
    If correcting this with 'preexec script = /sbin/PermitSingleLogon.sh %u'
    the script is still failing.

    Don't know, what

    awk 'NF \
    > 6 {print $1}'


    should do.
    The output from 'smbstatus -S -u tb' for the user tb with open
    connection is:

    deveis > smbstatus -S -u tb

    Service pid machine Connected at
    -------------------------------------------------------
    tb 965 tb3 Sun Apr 1 19:53:55 2007

    deveis >


    The output without open connection is:

    deveis > smbstatus -S -u tb

    Service pid machine Connected at
    -------------------------------------------------------

    deveis >



    In all cases RESULT from the script is empty and multiple connections
    are never blocked...


    der tom
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  7. Re: [Samba] deny second or multiple logins

    Hei,

    Am Sonntag, den 01.04.2007, 20:28 +0200 schrieb Thomas Bork:
    > Freitas wrote:
    >
    > > You can try here.
    > > http://us3.samba.org/samba/docs/man/....html#id386516

    >
    > Sorry for being so stupid but how should this working?


    I think the scipt is just an idea how to handle this problem. Here is my
    script:

    preexec script = /path/PermitSingleLogon.sh '%U'
    preexec close = Yes

    ----------
    #!/bin/bash

    RESULT=$(smbstatus -d0 -b -u $1 2> /dev/null | grep $1)

    if [ "X${RESULT}" == X ]; then
    exit 0
    else
    exit 1
    fi
    ----------

    But I still don't know how to combine this script with my existing logon
    script.

    Ciao,
    Marcus


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  8. [Samba] OpenSourceHowTo.org

    hi everyone, i've setup a website so that users of open source server side
    software can come and look at instructional guides, how-to's, forums,
    wiki's and all sorts of other information about setting up software on
    Linux for both windows and Linux based networks.

    I am currently still working on it, adding new screen shots every day,
    hoping to double check a lot of my how-to's once the screen shots are
    added, re-write them to increase keyword density of my articles for better
    search engine results & once that is done i will hopefully be added
    streaming video of my how-to articles using either youtube embed code or
    revver embed code.

    http://www.opensourcehowto.org - OpenSourceHowTo.org

    http://www.opensourcehowto.org/how-t...-openldap.html - Setup
    OpenLDAP
    http://www.opensourcehowto.org/how-t...ba-as-pdc.html
    - OpenLDAP + LAM + Samba as PDC
    http://www.opensourcehowto.org/how-t...ntication.html
    - NTLM authentication on squid
    http://www.opensourcehowto.org/how-t...ntication.html
    - Squid and PAM authentication
    http://www.opensourcehowto.org/how-t...-openldap.html -
    OpenLDAP and OpenSSL on 636
    http://www.opensourcehowto.org/how-t...ectory-cn.html
    - Postfix aliases from the Active Directory CN
    http://www.opensourcehowto.org/how-t...--net2ftp.html
    - vsftpd + OpenSSL + Net2FTP
    http://www.opensourcehowto.org/how-t...id2-cache.html
    - Squid1(ntlm) => Dansguardian => Squid2(cache)
    http://www.opensourcehowto.org/how-t...d-manager.html
    - Squid, pam authentication & Squish download manager
    http://www.opensourcehowto.org/how-t...-and-havp.html - Squid
    and HAVP (http anti virus proxy)
    http://www.opensourcehowto.org/how-t...xy--squid.html -
    Privoxy & Squid
    http://www.opensourcehowto.org/how-t...ilohamail.html
    - Postfix + ClamAV + MailScanner + Dovercot
    http://www.opensourcehowto.org/how-t...on-fedora.html
    - Installing SquidGuard On Fedora
    http://www.opensourcehowto.org/how-t...er-groups.html
    - Dansguardian with different filter groups
    http://www.opensourcehowto.org/how-t...che--ldap.html
    - Mambo + MySql + PHP + Apache
    http://www.opensourcehowto.org/how-t...cplusplus.html -
    OpenDC HUB & DCplusplus
    http://www.opensourcehowto.org/how-t...ilohamail.html
    - Poptop VPN Server
    http://www.opensourcehowto.org/how-t...-and-dhcp.html - DDNS
    using Bind9 and DHCP
    http://www.opensourcehowto.org/how-t...ilohamail.html
    - pop3 Server On Fedora with IlohaMail
    http://www.opensourcehowto.org/how-t...pam--ldap.html
    - LDAP linux client with OpenLDAP server
    http://www.opensourcehowto.org/how-t...pam--ldap.html
    - LDAP linux client with Active Directory Server
    http://www.opensourcehowto.org/how-t...--postfix.html
    - Dovecot, SquirrelMail, Retrieve User Data, Active Directory, Winbind,
    Postfix
    http://www.opensourcehowto.org/how-t...plication.html
    - OpenLDAP Replication
    http://www.opensourcehowto.org/how-t...-for-pop3.html
    - Authentication against Active Directories using winbind for pop3
    http://www.opensourcehowto.org/how-t...tion-tool.html
    - SWAT (Samba Web AdministrationTool)
    http://www.opensourcehowto.org/how-t...d-postfix.html -
    OpenLDAP and postfix
    http://www.opensourcehowto.org/how-t...-openldap.html
    - phpldapadmin and openldap
    http://www.opensourcehowto.org/how-t...ra-core-3.html -
    xrdp installation from source
    http://www.opensourcehowto.org/how-t...for-squid.html
    - Personalized Denial page for squid
    http://www.opensourcehowto.org/how-t...rectories.html
    - Samba Primary Domain Controller with Group Policies
    http://www.opensourcehowto.org/how-t...rectories.html
    - Setup Apache 2 with Access to Home Directories
    http://www.opensourcehowto.org/how-t...ntication.html
    - Setup Apache 2 with OpenLDAP Authentication
    http://www.opensourcehowto.org/how-t...-on-eth01.html
    - Setup Virtual IP address on eth0:1
    http://www.opensourcehowto.org/how-t...h-openssl.html
    - Setup Apache 2 with OpenSSL
    http://www.opensourcehowto.org/how-t...ssl-certs.html
    - Apache 2 with Webdav & htpasswd using openSSL certs
    http://www.opensourcehowto.org/how-t...ual-hosts.html -
    Apache 2 & Virtual Hosts
    http://www.opensourcehowto.org/how-t...thz_owner.html
    - apache 2.2 & mod_authz_owner
    http://www.opensourcehowto.org/how-t...ntication.html
    - Apache, user access to home directories, webdav & openldap
    authentication
    http://www.opensourcehowto.org/how-t...a-install.html
    - TFTP + PXE + syslinux + Fedora install
    http://www.opensourcehowto.org/how-t...irrelmail.html
    - Dovecot imap/pop3 with openssl and squirrelmail
    http://www.opensourcehowto.org/how-t...uto-mount.html
    - Basic NFS share, mount, auto mount
    http://www.opensourcehowto.org/how-t...uto-reply.html
    - Procmail Vacation Auto-Reply
    http://www.opensourcehowto.org/how-t...inux--g4l.html -
    TFTP + PXE + syslinux + G4L
    http://www.opensourcehowto.org/how-t...searching.html
    - Setup Tor & Privoxy for anonymous searching
    http://www.opensourcehowto.org/how-t...ress-book.html
    - SquirrelMail, Mysql userprefs & Mysql Address book
    http://www.opensourcehowto.org/how-t...-saslauth.html
    - Postfix with OpenSSL and saslauth
    http://www.opensourcehowto.org/how-t...e-and-php.html
    - Active Directory as Address Book with apache and PHP
    http://www.opensourcehowto.org/how-t...--dovecot.html
    - Winbind Virtual Users, Postfix, Spamassassin, Procmail, SquirrelMail &
    Dovecot
    http://www.opensourcehowto.org/how-t...irrelmail.html
    - Postfix, Spamassassin, Procmail and SquirrelMail
    http://www.opensourcehowto.org/how-t...ws-domain.html
    - Print Server for a windows domain with a web gui
    http://www.opensourcehowto.org/how-t...rushammer.html -
    Virus scanning with VirusHammer
    http://www.opensourcehowto.org/how-t...interface.html
    - Basic CD Server with HTML interface
    http://www.opensourcehowto.org/how-t...pdc--wpkg.html
    - deploy Firefox with Samba PDC & wpkg
    http://www.opensourcehowto.org/how-t...-in-mysql.html
    - MySQL users, PostfixAdmin, Postfix, Dovecot & SquirrelMail with
    userprefs stored in mySQL
    http://www.opensourcehowto.org/how-t...s-du-jour.html
    - Fighting Spam With SpamAssassin, Pyzor, DCC, Razor & Rules Du Jour
    http://www.opensourcehowto.org/how-t...l--apache.html
    - backups with Bacula, MySql & Apache
    http://www.opensourcehowto.org/how-t...c--apache.html -
    BackupPc & Apache
    - VPN + ssl
    - Tomcat, MySql, J2ee, Alfresco CMS
    - Amanda backup
    - Squid & SARG
    - Squid with delay pools
    - Jabber messenger server with web client
    - Squid with proxy_auth & OpenLDAP
    - Samba file server with ClamAV doing on-access file scanning
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  9. Re: [Samba] deny second or multiple logins

    Hallo, Marcus,

    Du (lists) meintest am 02.04.07:

    >>> http://us3.samba.org/samba/docs/man/...ction/Advanced
    >>> NetworkManagement.html#id386516


    > my script:


    > preexec script = /path/PermitSingleLogon.sh '%U'
    > preexec close = Yes


    > ----------
    > #!/bin/bash


    > RESULT=$(smbstatus -d0 -b -u $1 2> /dev/null | grep $1)


    > if [ "X${RESULT}" == X ]; then
    > exit 0
    > else
    > exit 1
    > fi
    > ----------


    Try

    ... | grep -c $1)

    and then

    test "$RESULT" -le 1 || exit 1
    exit 0


    Then "prexec close = yes" blocks the second (and all further) login.




    Viele Gruesse!
    Helmut
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  10. Re: [Samba] deny second or multiple logins

    Hi,

    Am Montag, den 02.04.2007, 14:33 +0200 schrieb Helmut Hullen:
    > Hallo, Marcus,
    >
    > Du (lists) meintest am 02.04.07:
    >
    > >>> http://us3.samba.org/samba/docs/man/...ction/Advanced
    > >>> NetworkManagement.html#id386516

    >
    > > my script:

    >
    > > preexec script = /path/PermitSingleLogon.sh '%U'
    > > preexec close = Yes


    [...]

    The block mechnism itself ist working fine. I use this scipt to check if
    there are connects to a share with the same userid form differnet IPs:

    -------
    RESULT=$(smbstatus -d0 -b -u $1 2> /dev/null | grep $1 | awk '{print
    $5}' | uniq | wc -l)

    test "$RESULT" -eq 1 || exit 1
    -------

    But it seems, that windows reconnects the shares every few minutes. In
    this case, the script doesn't know anymore which client PC was first and
    is blocking both client PCs, the client first and all other clients :-(

    Ciao,
    Marcus



    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  11. Re: [Samba] deny second or multiple logins

    Hallo, Marcus,

    Du meintest am 03.04.07 zum Thema Re: [Samba] deny second or multiple logins:

    > RESULT=$(smbstatus -d0 -b -u $1 2> /dev/null | grep $1 | awk '{print
    > $5}' | uniq | wc -l)


    > test "$RESULT" -eq 1 || exit 1
    > -------


    That's no good idea.
    Try

    test "$RESULT" -eq 0

    Then the return level is 0 (= ok) for 0 , and it's 1 (not ok) for 1 or
    higher.

    Viele Gruesse!
    Helmut
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  12. Re: [Samba] deny second or multiple logins

    Am Dienstag, den 03.04.2007, 21:47 +0200 schrieb Helmut Hullen:
    > Hallo, Marcus,
    >
    > Du meintest am 03.04.07 zum Thema Re: [Samba] deny second or multiple logins:
    >
    > > RESULT=$(smbstatus -d0 -b -u $1 2> /dev/null | grep $1 | awk '{print
    > > $5}' | uniq | wc -l)

    >
    > > test "$RESULT" -eq 1 || exit 1
    > > -------

    >
    > That's no good idea.
    > Try
    >
    > test "$RESULT" -eq 0
    >
    > Then the return level is 0 (= ok) for 0 , and it's 1 (not ok) for 1 or
    > higher.


    Hmmm, if the value of RESULUT is not 1 or higher, the scipt has to "exit
    1" (not ok), which is correct, because in this case the same userid
    tries to connect from different IPs.

    Ciao!


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  13. Re: [Samba] deny second or multiple logins

    Hallo, Marcus,

    Du meintest am 04.04.07 zum Thema Re: [Samba] deny second or multiple logins:

    >>> test "$RESULT" -eq 1 || exit 1
    >>> -------


    >> That's no good idea.
    >> Try
    >>
    >> test "$RESULT" -eq 0
    >>
    >> Then the return level is 0 (= ok) for 0 , and it's 1 (not ok) for 1
    >> or higher.


    > Hmmm, if the value of RESULUT is not 1 or higher,


    That's the DOS way ...

    > the scipt has to "exit 1" (not ok), which is correct, because in this
    > case the same userid tries to connect from different IPs.


    Your script returns with 1 also if $RESULT is 0.
    My version returns with 0 if $RESULT is 0, otherwise with 1 (if it's the
    last line in the script).

    Viele Gruesse!
    Helmut
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  14. Re: [Samba] deny second or multiple logins

    Hello Helmut,

    Am Mittwoch, den 04.04.2007, 08:55 +0200 schrieb Helmut Hullen:
    > Hallo, Marcus,
    >
    > Du meintest am 04.04.07 zum Thema Re: [Samba] deny second or multiple logins:
    >
    > >>> test "$RESULT" -eq 1 || exit 1
    > >>> -------

    >
    > >> That's no good idea.
    > >> Try
    > >>
    > >> test "$RESULT" -eq 0
    > >>
    > >> Then the return level is 0 (= ok) for 0 , and it's 1 (not ok) for 1
    > >> or higher.

    >
    > > Hmmm, if the value of RESULUT is not 1 or higher,

    >
    > That's the DOS way ...
    >
    > > the scipt has to "exit 1" (not ok), which is correct, because in this
    > > case the same userid tries to connect from different IPs.

    >
    > Your script returns with 1 also if $RESULT is 0.
    > My version returns with 0 if $RESULT is 0, otherwise with 1 (if it's the
    > last line in the script).


    Okay, let's finish this 1 or 0 result question, because this is not the
    main problem. The preexec parameter thing does not solve the problem of
    denying multiple logins. The user is still able to login, but no shares
    are mounted. And as I wrote in of my last emails, windows reconnects its
    shares every few minutes. In this case, the script doesn't know anymore
    which client PC was the user's first and therefore the script is
    blocking all client PCs, the first client and all following clients (of
    the user).
    To avoid this one has to set lock files with username and IP. These
    lock files could be removed with the postexec parameter. But what
    happens if a client PCs crashes and doesn't disconnect its shares? The
    postexec command will not run and if the user tries to connect from a
    different machine (or his machine is getting a new IP by dhcp after
    restart), the existing lock file is blocking the complete user. Any
    other ideas? Did nobody solve this problem?

    Ciao,
    Marcus


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread