Re: [Samba] deny second or multiple logins
Am Dienstag, den 03.04.2007, 21:47 +0200 schrieb Helmut Hullen: Hallo, Marcus, Du meintest am 03.04.07 zum Thema Re: [Samba] deny second or multiple logins: RESULT=$(smbstatus -d0 -b -u $1 2 /dev/null | grep $1 | awk '{print $5}' | uniq | wc -l) test $RESULT -eq 1 || exit 1 --- That's no good idea. Try test $RESULT -eq 0 Then the return level is 0 (= ok) for 0 , and it's 1 (not ok) for 1 or higher. Hmmm, if the value of RESULUT is not 1 or higher, the scipt has to exit 1 (not ok), which is correct, because in this case the same userid tries to connect from different IPs. Ciao! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] deny second or multiple logins
Hallo, Marcus, Du meintest am 04.04.07 zum Thema Re: [Samba] deny second or multiple logins: test $RESULT -eq 1 || exit 1 --- That's no good idea. Try test $RESULT -eq 0 Then the return level is 0 (= ok) for 0 , and it's 1 (not ok) for 1 or higher. Hmmm, if the value of RESULUT is not 1 or higher, That's the DOS way ... the scipt has to exit 1 (not ok), which is correct, because in this case the same userid tries to connect from different IPs. Your script returns with 1 also if $RESULT is 0. My version returns with 0 if $RESULT is 0, otherwise with 1 (if it's the last line in the script). Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] deny second or multiple logins
Hello Helmut, Am Mittwoch, den 04.04.2007, 08:55 +0200 schrieb Helmut Hullen: Hallo, Marcus, Du meintest am 04.04.07 zum Thema Re: [Samba] deny second or multiple logins: test $RESULT -eq 1 || exit 1 --- That's no good idea. Try test $RESULT -eq 0 Then the return level is 0 (= ok) for 0 , and it's 1 (not ok) for 1 or higher. Hmmm, if the value of RESULUT is not 1 or higher, That's the DOS way ... the scipt has to exit 1 (not ok), which is correct, because in this case the same userid tries to connect from different IPs. Your script returns with 1 also if $RESULT is 0. My version returns with 0 if $RESULT is 0, otherwise with 1 (if it's the last line in the script). Okay, let's finish this 1 or 0 result question, because this is not the main problem. The preexec parameter thing does not solve the problem of denying multiple logins. The user is still able to login, but no shares are mounted. And as I wrote in of my last emails, windows reconnects its shares every few minutes. In this case, the script doesn't know anymore which client PC was the user's first and therefore the script is blocking all client PCs, the first client and all following clients (of the user). To avoid this one has to set lock files with username and IP. These lock files could be removed with the postexec parameter. But what happens if a client PCs crashes and doesn't disconnect its shares? The postexec command will not run and if the user tries to connect from a different machine (or his machine is getting a new IP by dhcp after restart), the existing lock file is blocking the complete user. Any other ideas? Did nobody solve this problem? Ciao, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] deny second or multiple logins
Hi, Am Montag, den 02.04.2007, 14:33 +0200 schrieb Helmut Hullen: Hallo, Marcus, Du (lists) meintest am 02.04.07: http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/Advanced NetworkManagement.html#id386516 my script: preexec script = /path/PermitSingleLogon.sh '%U' preexec close = Yes [...] The block mechnism itself ist working fine. I use this scipt to check if there are connects to a share with the same userid form differnet IPs: --- RESULT=$(smbstatus -d0 -b -u $1 2 /dev/null | grep $1 | awk '{print $5}' | uniq | wc -l) test $RESULT -eq 1 || exit 1 --- But it seems, that windows reconnects the shares every few minutes. In this case, the script doesn't know anymore which client PC was first and is blocking both client PCs, the client first and all other clients :-( Ciao, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] deny second or multiple logins
Hallo, Marcus, Du meintest am 03.04.07 zum Thema Re: [Samba] deny second or multiple logins: RESULT=$(smbstatus -d0 -b -u $1 2 /dev/null | grep $1 | awk '{print $5}' | uniq | wc -l) test $RESULT -eq 1 || exit 1 --- That's no good idea. Try test $RESULT -eq 0 Then the return level is 0 (= ok) for 0 , and it's 1 (not ok) for 1 or higher. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] deny second or multiple logins
Hei, Am Sonntag, den 01.04.2007, 20:28 +0200 schrieb Thomas Bork: Freitas wrote: You can try here. http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/AdvancedNetworkManagement.html#id386516 Sorry for being so stupid but how should this working? I think the scipt is just an idea how to handle this problem. Here is my script: preexec script = /path/PermitSingleLogon.sh '%U' preexec close = Yes -- #!/bin/bash RESULT=$(smbstatus -d0 -b -u $1 2 /dev/null | grep $1) if [ X${RESULT} == X ]; then exit 0 else exit 1 fi -- But I still don't know how to combine this script with my existing logon script. Ciao, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] deny second or multiple logins
Hallo, Marcus, Du (lists) meintest am 02.04.07: http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/Advanced NetworkManagement.html#id386516 my script: preexec script = /path/PermitSingleLogon.sh '%U' preexec close = Yes -- #!/bin/bash RESULT=$(smbstatus -d0 -b -u $1 2 /dev/null | grep $1) if [ X${RESULT} == X ]; then exit 0 else exit 1 fi -- Try ... | grep -c $1) and then test $RESULT -le 1 || exit 1 exit 0 Then prexec close = yes blocks the second (and all further) login. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] deny second or multiple logins
I'd like to deny multiple logins to a samba domain. I already searched the archive and found some threads about it. This one seems to be a good idea: http://lists.samba.org/archive/samba/2006-April/119867.html Does anyone know where to find such scipt examples? You can try here. http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/AdvancedNetworkManagement.html#id386516 Regards, Freitas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] deny second or multiple logins
Hallo, Marcus, Du (lists) meintest am 01.04.07: I'd like to deny multiple logins to a samba domain. I already searched the archive and found some threads about it. This one seems to be a good idea: http://lists.samba.org/archive/samba/2006-April/119867.html Does anyone know where to find such scipt examples? What about max connections for the desired shares? Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] deny second or multiple logins
Hi, Am Sonntag, den 01.04.2007, 10:49 -0300 schrieb Freitas: I'd like to deny multiple logins to a samba domain. I already searched the archive and found some threads about it. This one seems to be a good idea: http://lists.samba.org/archive/samba/2006-April/119867.html Does anyone know where to find such scipt examples? You can try here. http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/AdvancedNetworkManagement.html#id386516 Ah, great link. I was playing with smbstatus in these minutes :-) I'd like to put the preexec script paramteter to global or to netlogon section, not to a user's share section. What's best location?. At my netlogon section there is already the following line to create dynamic login scripts: root preexec = /usr/local/bin/make_logon_script '%m' '%U' '%a' '%g' '% L' How do I combine these two lines? The script PermitSingleLogon.sh should be executed before my old make_logon_script and if the return is 1 the login process should be aborted completely. Thanks, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] deny second or multiple logins
Am Sonntag, den 01.04.2007, 16:10 +0200 schrieb Helmut Hullen: Hallo, Marcus, Du (lists) meintest am 01.04.07: I'd like to deny multiple logins to a samba domain. I already searched the archive and found some threads about it. This one seems to be a good idea: http://lists.samba.org/archive/samba/2006-April/119867.html Does anyone know where to find such scipt examples? What about max connections for the desired shares? But then the user is already logged in :-) The user should be stoped one step before. Ciao! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] deny second or multiple logins
Freitas wrote: You can try here. http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/AdvancedNetworkManagement.html#id386516 Sorry for being so stupid but how should this working? From the above link: preexec script = /sbin/PermitSingleLogon.sh Okay, this script is called without parameters before the share is opened. Here the script from the above link: #!/bin/bash IFS=- RESULT=$(smbstatus -S -u $1 2 /dev/null | awk 'NF \ 6 {print $1}' | sort | uniq -d) if [ X${RESULT} == X ]; then exit 0 else exit 1 fi smbstatus is called with '-u $1' (user). But no parameter for the user is given in the preexec script and so $1 is empty. If correcting this with 'preexec script = /sbin/PermitSingleLogon.sh %u' the script is still failing. Don't know, what awk 'NF \ 6 {print $1}' should do. The output from 'smbstatus -S -u tb' for the user tb with open connection is: deveis smbstatus -S -u tb Service pid machine Connected at --- tb 965 tb3 Sun Apr 1 19:53:55 2007 deveis The output without open connection is: deveis smbstatus -S -u tb Service pid machine Connected at --- deveis In all cases RESULT from the script is empty and multiple connections are never blocked... der tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba