I am looking for some way to grant or deny internet access (that is, changing iptables rules) based on Samba domain logon.
When a user logs on, I would like to run a script that modifies firewall rules based on the group that the user belongs to (this determines if he has internet access or not) and based on the workstation's IP address (so I know which IP address to grant internet access to). When the user logs off, I need to know the same information (username and IP) so I can remove the firewall rule. I have seen some scripts based on preexec and postexec, and some based on a loop that checks "smbstatus" every minute to see if new users are addedd or presnet users have gone away, but I think that both methods are not very efficient and not really stable. Checking every minute means that a user needs to wait after logon to be granted internet access, and using preexec and postexec seems to fail sometimes, as it seems that clients tend to connect the same share multiple times, and sometimes disconnect it while they are still online. I'd like to know if there is something else that I could use, if there is some "hook" in Samba that I can use to run scripts at logon and logoff, that can pass me username, groups (not really necessary) and IP address of the workstation. Thanks. -- Fabio "Kurgan" Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
