[Samba] deny second or multiple logins - Samba
[Samba] deny second or multiple logins
Hi,
I'd like to deny multiple logins to a samba domain. I already searched
the archive and found some threads about it. This one seems to be a good
idea:
http://lists.samba.org/archive/samba...il/119867.html
Does anyone know where to find such script examples?
Thanks,
Marcus
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
-
Re: [Samba] deny second or multiple logins
> I'd like to deny multiple logins to a samba domain. I already searched
> the archive and found some threads about it. This one seems to be a good
> idea:
>
> http://lists.samba.org/archive/samba...il/119867.html
>
> Does anyone know where to find such script examples?
You can try here.
http://us3.samba.org/samba/docs/man/....html#id386516
Regards,
Freitas
-
Re: [Samba] deny second or multiple logins
Hello, Marcus,
You (lists) wrote on 01.04.07:
> I'd like to deny multiple logins to a samba domain. I already
> searched the archive and found some threads about it. This one seems
> to be a good idea:
> http://lists.samba.org/archive/samba...il/119867.html
> Does anyone know where to find such script examples?
What about "max connections" for the desired shares?
Best regards!
Helmut
-
Re: [Samba] deny second or multiple logins
Hi,
On Sunday, 01.04.2007, at 10:49 -0300, Freitas wrote:
> > I'd like to deny multiple logins to a samba domain. I already searched
> > the archive and found some threads about it. This one seems to be a good
> > idea:
> >
> > http://lists.samba.org/archive/samba...il/119867.html
> >
> > Does anyone know where to find such script examples?
>
> You can try here.
> http://us3.samba.org/samba/docs/man/....html#id386516
Ah, great link. I was playing with smbstatus in these minutes :-) I'd
like to put the preexec script parameter in the global or the netlogon
section, not in a user's share section. What's the best location?
At my netlogon section there is already the following line to create
dynamic login scripts:
root preexec = /usr/local/bin/make_logon_script '%m' '%U' '%a' '%g' '%L'
How do I combine these two lines? The script PermitSingleLogon.sh should
be executed before my old make_logon_script and if the return is 1 the
login process should be aborted completely.
Thanks,
Marcus
-
Re: [Samba] deny second or multiple logins
On Sunday, 01.04.2007, at 16:10 +0200, Helmut Hullen wrote:
> Hello, Marcus,
>
> You (lists) wrote on 01.04.07:
>
> > I'd like to deny multiple logins to a samba domain. I already
> > searched the archive and found some threads about it. This one seems
> > to be a good idea:
>
> > http://lists.samba.org/archive/samba...il/119867.html
>
> > Does anyone know where to find such script examples?
>
> What about "max connections" for the desired shares?
But then the user is already logged in :-) The user should be stopped one
step before.
Ciao!
-
Re: [Samba] deny second or multiple logins
Freitas wrote:
> You can try here.
> http://us3.samba.org/samba/docs/man/....html#id386516
Sorry for being so stupid, but how should this work?
From the above link:
preexec script = /sbin/PermitSingleLogon.sh
Okay, this script is called without parameters before the share is opened.
Here the script from the above link:
#!/bin/bash
IFS="-"
RESULT=$(smbstatus -S -u $1 2> /dev/null | awk 'NF \
> 6 {print $1}' | sort | uniq -d)
if [ "X${RESULT}" == X ]; then
exit 0
else
exit 1
fi
smbstatus is called with '-u $1' (user). But no parameter for the user
is given in the preexec script and so $1 is empty.
If correcting this with 'preexec script = /sbin/PermitSingleLogon.sh %u'
the script is still failing.
Don't know, what
awk 'NF \
> 6 {print $1}'
should do.
The output from 'smbstatus -S -u tb' for the user tb with open
connection is:
deveis > smbstatus -S -u tb
Service pid machine Connected at
-------------------------------------------------------
tb 965 tb3 Sun Apr 1 19:53:55 2007
deveis >
The output without open connection is:
deveis > smbstatus -S -u tb
Service pid machine Connected at
-------------------------------------------------------
deveis >
In all cases RESULT from the script is empty and multiple connections
are never blocked...
der tom
-
Re: [Samba] deny second or multiple logins
Hei,
On Sunday, 01.04.2007, at 20:28 +0200, Thomas Bork wrote:
> Freitas wrote:
>
> > You can try here.
> > http://us3.samba.org/samba/docs/man/....html#id386516
>
> Sorry for being so stupid, but how should this work?
I think the script is just an idea of how to handle this problem. Here is my
script:
preexec script = /path/PermitSingleLogon.sh '%U'
preexec close = Yes
----------
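#!/bin/bash
# $1 is the user name Samba passes in via '%U'. It is quoted so the shell
# never word-splits or glob-expands it, and grep -F matches it literally.
RESULT=$(smbstatus -d0 -b -u "$1" 2> /dev/null | grep -F -- "$1")
# Empty result: the user has no session yet, so allow the connection.
if [ "X${RESULT}" == X ]; then
    exit 0
else
    exit 1
fi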
----------
But I still don't know how to combine this script with my existing logon
script.
Ciao,
Marcus
-
Re: [Samba] deny second or multiple logins
Hello, Marcus,
You (lists) wrote on 02.04.07:
>>> http://us3.samba.org/samba/docs/man/...ction/Advanced
>>> NetworkManagement.html#id386516
> my script:
> preexec script = /path/PermitSingleLogon.sh '%U'
> preexec close = Yes
> ----------
> #!/bin/bash
> RESULT=$(smbstatus -d0 -b -u $1 2> /dev/null | grep $1)
> if [ "X${RESULT}" == X ]; then
> exit 0
> else
> exit 1
> fi
> ----------
Try
... | grep -c $1)
and then
test "$RESULT" -le 1 || exit 1
exit 0
Then "preexec close = yes" blocks the second (and all further) login.
Best regards!
Helmut
-
Re: [Samba] deny second or multiple logins
Hi,
On Monday, 02.04.2007, at 14:33 +0200, Helmut Hullen wrote:
> Hello, Marcus,
>
> You (lists) wrote on 02.04.07:
>
> >>> http://us3.samba.org/samba/docs/man/...ction/Advanced
> >>> NetworkManagement.html#id386516
>
> > my script:
>
> > preexec script = /path/PermitSingleLogon.sh '%U'
> > preexec close = Yes
[...]
The block mechanism itself is working fine. I use this script to check if
there are connects to a share with the same userid from different IPs:
-------
RESULT=$(smbstatus -d0 -b -u "$1" 2> /dev/null | grep -F -- "$1" | awk '{print $5}' | uniq | wc -l)
test "$RESULT" -eq 1 || exit 1
-------
But it seems that Windows reconnects the shares every few minutes. In
this case, the script doesn't know anymore which client PC was first and
is blocking both client PCs, the first client and all other clients :-(
Ciao,
Marcus
-
Re: [Samba] deny second or multiple logins
Hello, Marcus,
You wrote on 03.04.07 on the subject Re: [Samba] deny second or multiple logins:
> RESULT=$(smbstatus -d0 -b -u $1 2> /dev/null | grep $1 | awk '{print $5}' | uniq | wc -l)
> test "$RESULT" -eq 1 || exit 1
> -------
That's not a good idea.
Try
test "$RESULT" -eq 0
Then the return level is 0 (= ok) for 0, and it's 1 (not ok) for 1 or
higher.
Best regards!
Helmut
-
Re: [Samba] deny second or multiple logins
On Tuesday, 03.04.2007, at 21:47 +0200, Helmut Hullen wrote:
> Hello, Marcus,
>
> You wrote on 03.04.07 on the subject Re: [Samba] deny second or multiple logins:
>
> > RESULT=$(smbstatus -d0 -b -u $1 2> /dev/null | grep $1 | awk '{print $5}' | uniq | wc -l)
>
> > test "$RESULT" -eq 1 || exit 1
> > -------
>
> That's not a good idea.
> Try
>
> test "$RESULT" -eq 0
>
> Then the return level is 0 (= ok) for 0, and it's 1 (not ok) for 1 or
> higher.
Hmmm, if the value of RESULT is not 1 or higher, the script has to "exit
1" (not ok), which is correct, because in this case the same userid
tries to connect from different IPs.
Ciao!
-
Re: [Samba] deny second or multiple logins
Hello, Marcus,
You wrote on 04.04.07 on the subject Re: [Samba] deny second or multiple logins:
>>> test "$RESULT" -eq 1 || exit 1
>>> -------
>> That's not a good idea.
>> Try
>>
>> test "$RESULT" -eq 0
>>
>> Then the return level is 0 (= ok) for 0, and it's 1 (not ok) for 1
>> or higher.
> Hmmm, if the value of RESULT is not 1 or higher,
That's the DOS way ...
> the script has to "exit 1" (not ok), which is correct, because in this
> case the same userid tries to connect from different IPs.
Your script returns with 1 also if $RESULT is 0.
My version returns with 0 if $RESULT is 0, otherwise with 1 (if it's the
last line in the script).
Best regards!
Helmut
-
Re: [Samba] deny second or multiple logins
Hello Helmut,
On Wednesday, 04.04.2007, at 08:55 +0200, Helmut Hullen wrote:
> Hello, Marcus,
>
> You wrote on 04.04.07 on the subject Re: [Samba] deny second or multiple logins:
>
> >>> test "$RESULT" -eq 1 || exit 1
> >>> -------
>
> >> That's not a good idea.
> >> Try
> >>
> >> test "$RESULT" -eq 0
> >>
> >> Then the return level is 0 (= ok) for 0, and it's 1 (not ok) for 1
> >> or higher.
>
> > Hmmm, if the value of RESULT is not 1 or higher,
>
> That's the DOS way ...
>
> > the script has to "exit 1" (not ok), which is correct, because in this
> > case the same userid tries to connect from different IPs.
>
> Your script returns with 1 also if $RESULT is 0.
> My version returns with 0 if $RESULT is 0, otherwise with 1 (if it's the
> last line in the script).
Okay, let's finish this 1 or 0 result question, because this is not the
main problem. The preexec parameter thing does not solve the problem of
denying multiple logins. The user is still able to log in, but no shares
are mounted. And as I wrote in one of my last emails, Windows reconnects its
shares every few minutes. In this case, the script doesn't know anymore
which client PC was the user's first and therefore the script is
blocking all client PCs, the first client and all following clients (of
the user).
To avoid this one has to set lock files with username and IP. These
lock files could be removed with the postexec parameter. But what
happens if a client PC crashes and doesn't disconnect its shares? The
postexec command will not run and if the user tries to connect from a
different machine (or his machine is getting a new IP by DHCP after
restart), the existing lock file is blocking the complete user. Any
other ideas? Did nobody solve this problem?
Ciao,
Marcus
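
An added example, not part of the thread or of Samba's documentation: a preexec check that compares the connecting client's address with the user's existing sessions, so a reconnect from the same PC is allowed and only a second host is refused, using live smbstatus output instead of lock files. It assumes the script is called with '%U' '%I' and that `smbstatus -b` prints Samba 3.0-style rows as in the constructed sample; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed wiring in smb.conf:
#   preexec = /path/PermitSingleLogon.sh '%U' '%I'
#   preexec close = Yes

# other_hosts USER CLIENT_IP   (reads `smbstatus -b` text on stdin)
# Prints each distinct client address, other than CLIENT_IP, that already
# holds a session for USER.
other_hosts() {
    awk -v user="$1" -v ip="$2" '
        $1 ~ /^[0-9]+$/ && ($2 "") == user {  # session rows start with a PID
            addr = $NF   # last field, so a group name with spaces is harmless
            gsub(/[()]/, "", addr)            # "(192.0.2.10)" -> 192.0.2.10
            if (addr != ip && !seen[addr]++) print addr
        }'
}

# permit_single_logon USER CLIENT_IP: exit status 0 = allow, 1 = deny.
permit_single_logon() {
    # %U is chosen by the client: accept only plain names and addresses
    # (assumption: adjust the pattern if your account names differ).
    case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case $2 in ''|*[!0-9A-Fa-f.:]*) return 1 ;; esac
    [ -z "$(other_hosts "$1" "$2")" ]
}

# Constructed sample in the Samba 3.0-era `smbstatus -b` layout.
sample_status() {
cat <<'EOF'
Samba version 3.0.24
PID     Username      Group         Machine
-------------------------------------------------------------------
  965   tb            users         tb3          (192.0.2.10)
  971   tb            users         tb3          (192.0.2.10)
 1002   marcus        Domain Users  pc7          (192.0.2.20)
 1010   marcus        Domain Users  pc9          (192.0.2.21)
EOF
}

# Real use: smbd calls the script with the two arguments.
if [ "$#" -eq 2 ]; then
    smbstatus -d0 -b -u "$1" 2>/dev/null | permit_single_logon "$1" "$2"
    exit $?
fi
```

As the thread notes, this still only refuses share connections; the domain logon itself is not prevented.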