Re: LDAP (Active Directory) and user statuses
You can run some syslog for windows daemon on your dcs and redirect to some linux syslog daemon and parse security events for login Last login record in the ldap will not help you much Baruch shimi linux...@shimi.net wrote: On May 31, 2012 6:14 PM, ik ido...@gmail.com wrote: Hello, I need to write an application (on Linux) that checks with Active Directory if a user is logged in, and few other details about that user. The only thing I do not understand, is how can I check if a user has logged in or not. Does anyone have any experience with this issue and can shed some light, or point me to a good documentation on the subject ? Thanks, Ido AFAIK, AD doesn't know a user is logged in, because AD is not a login service, rather than an information source (e.g. *can* you login or not with the credentials provided). Also, you may be logged in to multiple stations on the domain... which one is the important to you? How would it know? You need workstations/server level info, not AD, IMHO. For example you could query NetBIOS via nbtstat -A ipaddr from a remote windows machine... there should be samba equivalent (don't remember by heart, sending this from my sgs2) Hope this helps... -- *Shimi* On May 31, 2012 6:14 PM, ik ido...@gmail.com wrote: Hello, I need to write an application (on Linux) that checks with Active Directory if a user is logged in, and few other details about that user. The only thing I do not understand, is how can I check if a user has logged in or not. Does anyone have any experience with this issue and can shed some light, or point me to a good documentation on the subject ? Thanks, Ido ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: LDAP (Active Directory) and user statuses
On Fri, Jun 1, 2012 at 4:41 PM, Baruch Shpirer bar...@shpirer.com wrote: You can run some syslog for windows daemon on your dcs and redirect to some linux syslog daemon and parse security events for login Last login record in the ldap will not help you much Baruch shimi linux...@shimi.net wrote: On May 31, 2012 6:14 PM, ik ido...@gmail.com wrote: Hello, I need to write an application (on Linux) that checks with Active Directory if a user is logged in, and few other details about that user. The only thing I do not understand, is how can I check if a user has logged in or not. Does anyone have any experience with this issue and can shed some light, or point me to a good documentation on the subject ? Thanks, Ido AFAIK, AD doesn't know a user is logged in, because AD is not a login service, rather than an information source (e.g. *can* you login or not with the credentials provided). Also, you may be logged in to multiple stations on the domain... which one is the important to you? How would it know? You need workstations/server level info, not AD, IMHO. For example you could query NetBIOS via nbtstat -A ipaddr from a remote windows machine... there should be samba equivalent (don't remember by heart, sending this from my sgs2) Hope this helps... Thank you both, I'm thinking in forcing the DC to add me a property of login with boolean field or something like that, because as I understand, they do know if a user is logged in. For me the number of logins is not important, only that they are logged in somewhere. -- *Shimi* Ido On May 31, 2012 6:14 PM, ik ido...@gmail.com wrote: Hello, I need to write an application (on Linux) that checks with Active Directory if a user is logged in, and few other details about that user. The only thing I do not understand, is how can I check if a user has logged in or not. Does anyone have any experience with this issue and can shed some light, or point me to a good documentation on the subject ? Thanks, Ido ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: LDAP (Active Directory) and user statuses
On Fri, Jun 1, 2012 at 6:53 PM, ik ido...@gmail.com wrote: Thank you both, I'm thinking in forcing the DC to add me a property of login with boolean field or something like that, because as I understand, they do know if a user is logged in. For me the number of logins is not important, only that they are logged in somewhere. A typical Microsoft configuration would have more than one domain controller. In large organizations, you could have 20 of them. Not all of their data is necessarily synchronized (and clients contact DC's pretty much randomlly, either globally in the org, or within a Site, if that is configured right), and even when they do, this is not always in real time, there could be significant delays. Let's assume you manage to know that someone logged in. How do you know he logged out? If he turned off his computer, will he remain logged in forever? Points to take... (maybe you're trying to find the wrong solution to the problem, which I don't even know what is it?) -- Shimi ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: LDAP (Active Directory) and user statuses
You have last login, but not sure it would be much usefull to what you are trying to accomplish here On Fri, Jun 1, 2012 at 11:53 AM, ik ido...@gmail.com wrote: On Fri, Jun 1, 2012 at 4:41 PM, Baruch Shpirer bar...@shpirer.com wrote: You can run some syslog for windows daemon on your dcs and redirect to some linux syslog daemon and parse security events for login Last login record in the ldap will not help you much Baruch shimi linux...@shimi.net wrote: On May 31, 2012 6:14 PM, ik ido...@gmail.com wrote: Hello, I need to write an application (on Linux) that checks with Active Directory if a user is logged in, and few other details about that user. The only thing I do not understand, is how can I check if a user has logged in or not. Does anyone have any experience with this issue and can shed some light, or point me to a good documentation on the subject ? Thanks, Ido AFAIK, AD doesn't know a user is logged in, because AD is not a login service, rather than an information source (e.g. *can* you login or not with the credentials provided). Also, you may be logged in to multiple stations on the domain... which one is the important to you? How would it know? You need workstations/server level info, not AD, IMHO. For example you could query NetBIOS via nbtstat -A ipaddr from a remote windows machine... there should be samba equivalent (don't remember by heart, sending this from my sgs2) Hope this helps... Thank you both, I'm thinking in forcing the DC to add me a property of login with boolean field or something like that, because as I understand, they do know if a user is logged in. For me the number of logins is not important, only that they are logged in somewhere. -- *Shimi* Ido On May 31, 2012 6:14 PM, ik ido...@gmail.com wrote: Hello, I need to write an application (on Linux) that checks with Active Directory if a user is logged in, and few other details about that user. The only thing I do not understand, is how can I check if a user has logged in or not. Does anyone have any experience with this issue and can shed some light, or point me to a good documentation on the subject ? Thanks, Ido ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il -- Thanks and best regards Baruch Shpirer Cell (IL) +972 52 602 6643 Cell (CA) +1 647 898 7602 Skype baruch_shpirer ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: LDAP (Active Directory) and user statuses
On Friday, 1 בJune 2012 19:46:15 Baruch Shpirer wrote: You have last login, but not sure it would be much usefull to what you are trying to accomplish here Ido, maybe it's better to look for this info not in the DC -- if there is some generic share everybody need to access (e.g: the one holding the login scripts), you can monitor access to that share. Now, don't ask me how this can be done on Windows machines, but samba let you read client connection status and even kill them (look in the status page of samba swat) Enjoy, -- Oron Peled Voice: +972-4-8228492 o...@actcom.co.il http://users.actcom.co.il/~oron באנו ווינדוס לגרש, בידינו פנגווין יש! ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
LDAP (Active Directory) and user statuses
Hello, I need to write an application (on Linux) that checks with Active Directory if a user is logged in, and few other details about that user. The only thing I do not understand, is how can I check if a user has logged in or not. Does anyone have any experience with this issue and can shed some light, or point me to a good documentation on the subject ? Thanks, Ido ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: LDAP (Active Directory) and user statuses
On May 31, 2012 6:14 PM, ik ido...@gmail.com wrote: Hello, I need to write an application (on Linux) that checks with Active Directory if a user is logged in, and few other details about that user. The only thing I do not understand, is how can I check if a user has logged in or not. Does anyone have any experience with this issue and can shed some light, or point me to a good documentation on the subject ? Thanks, Ido AFAIK, AD doesn't know a user is logged in, because AD is not a login service, rather than an information source (e.g. *can* you login or not with the credentials provided). Also, you may be logged in to multiple stations on the domain... which one is the important to you? How would it know? You need workstations/server level info, not AD, IMHO. For example you could query NetBIOS via nbtstat -A ipaddr from a remote windows machine... there should be samba equivalent (don't remember by heart, sending this from my sgs2) Hope this helps... -- *Shimi* On May 31, 2012 6:14 PM, ik ido...@gmail.com wrote: Hello, I need to write an application (on Linux) that checks with Active Directory if a user is logged in, and few other details about that user. The only thing I do not understand, is how can I check if a user has logged in or not. Does anyone have any experience with this issue and can shed some light, or point me to a good documentation on the subject ? Thanks, Ido ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il