Re: [Samba] deny second or multiple logins

2007-04-04 Thread Marcus Sobchak [EMAIL PROTECTED] 
Am Dienstag, den 03.04.2007, 21:47 +0200 schrieb Helmut Hullen:
 Hallo, Marcus,
 
 Du meintest am 03.04.07 zum Thema Re: [Samba] deny second or multiple logins:
 
  RESULT=$(smbstatus -d0 -b -u $1 2 /dev/null | grep $1 | awk '{print
  $5}' | uniq | wc -l)
 
  test $RESULT -eq 1 || exit 1
  ---
 
 That's no good idea.
 Try
 
 test $RESULT -eq 0
 
 Then the return level is 0 (= ok) for 0 , and it's 1 (not ok) for 1 or  
 higher.

Hmmm, if the value of RESULUT is not 1 or higher, the scipt has to exit
1 (not ok), which is correct, because in this case the same userid
tries to connect from different IPs.

Ciao!


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] deny second or multiple logins

2007-04-04 Thread Helmut Hullen 
Hallo, Marcus,

Du meintest am 04.04.07 zum Thema Re: [Samba] deny second or multiple logins:

 test $RESULT -eq 1 || exit 1
 ---

 That's no good idea.
 Try

 test $RESULT -eq 0

 Then the return level is 0 (= ok) for 0 , and it's 1 (not ok) for 1
 or higher.

 Hmmm, if the value of RESULUT is not 1 or higher,

That's the DOS way ...

 the scipt has to exit 1 (not ok), which is correct, because in this
 case the same userid tries to connect from different IPs.

Your script returns with 1 also if $RESULT is 0.
My version returns with 0 if $RESULT is 0, otherwise with 1 (if it's the  
last line in the script).

Viele Gruesse!
Helmut
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] deny second or multiple logins

2007-04-04 Thread Marcus Sobchak [EMAIL PROTECTED] 
Hello Helmut,

Am Mittwoch, den 04.04.2007, 08:55 +0200 schrieb Helmut Hullen:
 Hallo, Marcus,
 
 Du meintest am 04.04.07 zum Thema Re: [Samba] deny second or multiple logins:
 
  test $RESULT -eq 1 || exit 1
  ---
 
  That's no good idea.
  Try
 
  test $RESULT -eq 0
 
  Then the return level is 0 (= ok) for 0 , and it's 1 (not ok) for 1
  or higher.
 
  Hmmm, if the value of RESULUT is not 1 or higher,
 
 That's the DOS way ...
 
  the scipt has to exit 1 (not ok), which is correct, because in this
  case the same userid tries to connect from different IPs.
 
 Your script returns with 1 also if $RESULT is 0.
 My version returns with 0 if $RESULT is 0, otherwise with 1 (if it's the  
 last line in the script).

Okay, let's finish this 1 or 0 result question, because this is not the
main problem. The preexec parameter thing does not solve the problem of
denying multiple logins. The user is still able to login, but no shares
are mounted. And as I wrote in of my last emails, windows reconnects its
shares every few minutes. In this case, the script doesn't know anymore
which client PC was the user's first and therefore the script is
blocking all client PCs, the first client and all following clients (of
the user). 
 To avoid this one has to set lock files with username and IP. These
lock files could be removed with the postexec parameter. But what
happens if a client PCs crashes and doesn't disconnect its shares? The
postexec command will not run and if the user tries to connect from a
different machine (or his machine is getting a new IP by dhcp after
restart), the existing lock file is blocking the complete user. Any
other ideas? Did nobody solve this problem?

Ciao,
Marcus


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] deny second or multiple logins

2007-04-03 Thread Marcus Sobchak [EMAIL PROTECTED] 
Hi,

Am Montag, den 02.04.2007, 14:33 +0200 schrieb Helmut Hullen:
 Hallo, Marcus,
 
 Du (lists) meintest am 02.04.07:
 
  http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/Advanced
  NetworkManagement.html#id386516
 
  my script:
 
  preexec script = /path/PermitSingleLogon.sh '%U'
  preexec close = Yes

[...]

The block mechnism itself ist working fine. I use this scipt to check if
there are connects to a share with the same userid form differnet IPs:

---
RESULT=$(smbstatus -d0 -b -u $1 2 /dev/null | grep $1 | awk '{print
$5}' | uniq | wc -l)

test $RESULT -eq 1 || exit 1
---

But it seems, that windows reconnects the shares every few minutes. In
this case, the script doesn't know anymore which client PC was first and
is blocking both client PCs, the client first and all other clients :-(

Ciao,
Marcus



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] deny second or multiple logins

2007-04-03 Thread Helmut Hullen 
Hallo, Marcus,

Du meintest am 03.04.07 zum Thema Re: [Samba] deny second or multiple logins:

 RESULT=$(smbstatus -d0 -b -u $1 2 /dev/null | grep $1 | awk '{print
 $5}' | uniq | wc -l)

 test $RESULT -eq 1 || exit 1
 ---

That's no good idea.
Try

test $RESULT -eq 0

Then the return level is 0 (= ok) for 0 , and it's 1 (not ok) for 1 or  
higher.

Viele Gruesse!
Helmut
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] deny second or multiple logins

2007-04-02 Thread Marcus Sobchak [EMAIL PROTECTED] 
Hei,

Am Sonntag, den 01.04.2007, 20:28 +0200 schrieb Thomas Bork:
 Freitas wrote:
 
  You can try here.
  http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/AdvancedNetworkManagement.html#id386516
   
 
 Sorry for being so stupid but how should this working?

I think the scipt is just an idea how to handle this problem. Here is my
script:

preexec script = /path/PermitSingleLogon.sh '%U'
preexec close = Yes

--
#!/bin/bash

RESULT=$(smbstatus -d0 -b -u $1 2 /dev/null | grep $1)

if [ X${RESULT} == X  ]; then
   exit 0
else
   exit 1
fi
--

But I still don't know how to combine this script with my existing logon
script.

Ciao,
Marcus


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] deny second or multiple logins

2007-04-02 Thread Helmut Hullen 
Hallo, Marcus,

Du (lists) meintest am 02.04.07:

 http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/Advanced
 NetworkManagement.html#id386516

 my script:

 preexec script = /path/PermitSingleLogon.sh '%U'
 preexec close = Yes

 --
 #!/bin/bash

 RESULT=$(smbstatus -d0 -b -u $1 2 /dev/null | grep $1)

 if [ X${RESULT} == X  ]; then
exit 0
 else
exit 1
 fi
 --

Try

  ... | grep -c $1)

and then

test $RESULT -le 1 || exit 1
exit 0


Then prexec close = yes blocks  the second (and all further) login.




Viele Gruesse!
Helmut
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] deny second or multiple logins

2007-04-01 Thread Freitas 

I'd like to deny multiple logins to a samba domain. I already searched
the archive and found some threads about it. This one seems to be a good
idea:

  http://lists.samba.org/archive/samba/2006-April/119867.html

Does anyone know where to find such scipt examples?


You can try here.
http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/AdvancedNetworkManagement.html#id386516

  Regards,

Freitas
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] deny second or multiple logins

2007-04-01 Thread Helmut Hullen 
Hallo, Marcus,

Du (lists) meintest am 01.04.07:

 I'd like to deny multiple logins to a samba domain. I already
 searched the archive and found some threads about it. This one seems
 to be a good idea:

   http://lists.samba.org/archive/samba/2006-April/119867.html

 Does anyone know where to find such scipt examples?

What about max connections for the desired shares?

Viele Gruesse!
Helmut
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] deny second or multiple logins

2007-04-01 Thread Marcus Sobchak [EMAIL PROTECTED] 
Hi,

Am Sonntag, den 01.04.2007, 10:49 -0300 schrieb Freitas:
  I'd like to deny multiple logins to a samba domain. I already searched
  the archive and found some threads about it. This one seems to be a good
  idea:
 
http://lists.samba.org/archive/samba/2006-April/119867.html
 
  Does anyone know where to find such scipt examples?
 
  You can try here.
 http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/AdvancedNetworkManagement.html#id386516


Ah, great link. I was playing with smbstatus in these minutes :-) I'd
like to put the preexec script paramteter to global or to netlogon
section, not to a user's share section. What's best location?. 

At my netlogon section there is already the following line to create
dynamic login scripts:

 root preexec = /usr/local/bin/make_logon_script '%m' '%U' '%a' '%g' '%
L'

How do I combine these two lines? The script PermitSingleLogon.sh should
be executed before my old make_logon_script and if the return is 1 the
login process should be aborted completely.

Thanks,
Marcus


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] deny second or multiple logins

2007-04-01 Thread Marcus Sobchak [EMAIL PROTECTED] 
Am Sonntag, den 01.04.2007, 16:10 +0200 schrieb Helmut Hullen:
 Hallo, Marcus,
 
 Du (lists) meintest am 01.04.07:
 
  I'd like to deny multiple logins to a samba domain. I already
  searched the archive and found some threads about it. This one seems
  to be a good idea:
 
http://lists.samba.org/archive/samba/2006-April/119867.html
 
  Does anyone know where to find such scipt examples?
 
 What about max connections for the desired shares?

But then the user is already logged in :-) The user should be stoped one
step before.

Ciao!


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] deny second or multiple logins

2007-04-01 Thread Thomas Bork 

Freitas wrote:


You can try here.
http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/AdvancedNetworkManagement.html#id386516 


Sorry for being so stupid but how should this working?


From the above link:

preexec script = /sbin/PermitSingleLogon.sh

Okay, this script is called without parameters before the share is opened.


Here the script from the above link:

#!/bin/bash

IFS=-
RESULT=$(smbstatus -S -u $1 2 /dev/null | awk 'NF \
 6 {print $1}' | sort | uniq -d)

if [ X${RESULT} == X  ]; then
  exit 0
else
  exit 1
fi


smbstatus is called with '-u $1' (user). But no parameter for the user 
is given in the preexec script and so $1 is empty.
If correcting this with 'preexec script = /sbin/PermitSingleLogon.sh %u' 
the script is still failing.


Don't know, what

awk 'NF \
 6 {print $1}'

should do.
The output from 'smbstatus -S -u tb' for the user tb with open 
connection is:


deveis  smbstatus -S -u tb

Service  pid machine   Connected at
---
tb   965   tb3   Sun Apr  1 19:53:55 2007

deveis 


The output without open connection is:

deveis  smbstatus -S -u tb

Service  pid machine   Connected at
---

deveis 



In all cases RESULT from the script is empty and multiple connections 
are never blocked...



der tom
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba