Re: [Samba] Audit Trail/Logging For Network Logons and Logoffs

2005-03-04 Thread Andrew Bartlett
On Thu, 2005-03-03 at 12:18 -0700, Lars Rasmussen wrote:
> On Thu, 03 Mar 2005 09:56:21 +1100, Andrew Bartlett [EMAIL PROTECTED] wrote:
> > I just hope you don't try and use the logs for anything important, given
> > you have to make them world writable
>
> This is a problem.  Besides making the share hidden, I've tried to
> hack some permissions and used force user= .
>
> This seems sloppy, but prevents users from viewing the share while
> allowing them to write to it.  What should I do differently in this
> scenario?

Use the system login records (such as utmp), write a pam module (hooking
into 'obey pam restrictions = yes' and the session modules), or
something similar.  You just can't do this with a system that requires
the *user* to write the records.

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
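
The server-side approach suggested in the message above, sketched as an added example (not code from the thread or from the Samba project): a hook for pam_exec.so that writes logon/logoff records on the server, so the users being audited need no write access to the log. The script path, log path and PAM line are assumptions, as is the hook running with root privileges.

```shell
#!/bin/sh
# Added example: logon/logoff hook for pam_exec.so in Samba's PAM session stack.
# Assumed PAM service file line (e.g. in /etc/pam.d/samba):
#   session optional pam_exec.so /usr/local/sbin/smb-session-log.sh
# Requires 'obey pam restrictions = yes' in smb.conf, as named in the message.

# Assumed log location; override SESSION_LOG when testing.
SESSION_LOG="${SESSION_LOG:-/var/log/samba/sessions.log}"

# Keep only a conservative character set so a crafted user or host name
# cannot smuggle spaces, '=' or newlines into a record.
sanitize() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9._:@-'
}

# Build one record from the variables pam_exec exports to the script:
# PAM_TYPE (open_session/close_session), PAM_USER, PAM_RHOST, PAM_SERVICE.
format_record() {
    case "${PAM_TYPE:-}" in
        open_session)  event=logon ;;
        close_session) event=logoff ;;
        *) return 1 ;;   # not a session call (auth, account, ...): no record
    esac
    printf '%s %s user=%s rhost=%s service=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$event" \
        "$(sanitize "${PAM_USER:-}")" \
        "$(sanitize "${PAM_RHOST:-unknown}")" \
        "$(sanitize "${PAM_SERVICE:-unknown}")"
}

# Append the record on the server. umask 077 creates the file mode 0600,
# so the audited users never need write access to the audit trail.
log_session() {
    record=$(format_record) || return 0
    ( umask 077; printf '%s\n' "$record" >> "$SESSION_LOG" )
}

# Act only when PAM invoked us; sourcing the file just defines the functions.
if [ -n "${PAM_TYPE:-}" ]; then
    log_session
fi
```
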

Re: [Samba] Audit Trail/Logging For Network Logons and Logoffs

2005-03-03 Thread Lars Rasmussen
On Thu, 03 Mar 2005 09:56:21 +1100, Andrew Bartlett [EMAIL PROTECTED] wrote:
> I just hope you don't try and use the logs for anything important, given
> you have to make them world writable

This is a problem.  Besides making the share hidden, I've tried to
hack some permissions and used force user= .  The dir for the share
looks like this:

drwxrws-wx    2 root executives 4096 Mar  3 08:59 logontimes

Share definition looks like this:

[logontimes]
comment = Network Logon Times
path = /backup/logontimes
write list = executivesmemberusername
read only = No
browseable = No
create mode = 0770
force user = executivesmemberusername

This seems sloppy, but prevents users from viewing the share while
allowing them to write to it.  What should I do differently in this
scenario?

-- 
Lars


RE: [Samba] Audit Trail/Logging For Network Logons and Logoffs

2005-03-02 Thread Van Sickler, Jim
On Fri, 2005-02-25 at 12:51 -0700, Gene Cooper wrote:
> Hi Folks,
>
> I have searched the archives and the web for this issue, but I haven't found
> an answer.
>
> I need to be able to log or audit the network access of our network users.
> This information needs to be used in conjunction with a time and attendance
> punch clock.
>
> I have seen much discussion of using preexec and postexec for obtaining a
> network access log.  However, my testing has shown this as unreliable.  It
> seems Windows logs in and logs out at (nearly) random and the collected
> information seems useless as I haven't discovered a useful way to collect or
> parse the collected information.  I have tested on various shares as well.


Are you just looking for logon/logoff times?  I think you can put something
in the logon/logoff scripts that will do that.

Logon tracking:
@echo off
echo %USERNAME% Logon >> \\server\hiddenshare\%USERNAME%.log
date /t >> \\server\hiddenshare\%USERNAME%.log
time /t >> \\server\hiddenshare\%USERNAME%.log


Logoff tracking:
@echo off
echo %USERNAME% Logoff >> \\server\hiddenshare\%USERNAME%.log
date /t >> \\server\hiddenshare\%USERNAME%.log
time /t >> \\server\hiddenshare\%USERNAME%.log

I'm not using logoff scripts, but I googled NT +logoff scripts and
came up with a bunch of promising links.  They point to either
Policy settings or GINA to enable/control logon/logoff settings.

Hope this helps,
  Jim Van Sickler


Re: [Samba] Audit Trail/Logging For Network Logons and Logoffs

2005-03-02 Thread Lars Rasmussen
On Wed, 02 Mar 2005 12:48:42 -0500, Van Sickler, Jim
[EMAIL PROTECTED] wrote:
> Are you just looking for logon/logoff times?  I think you can put something
> in the logon/logoff scripts that will do that.
>
> Logon tracking:
> @echo off
> echo %USERNAME% Logon >> \\server\hiddenshare\%USERNAME%.log
> date /t >> \\server\hiddenshare\%USERNAME%.log
> time /t >> \\server\hiddenshare\%USERNAME%.log
>

I played with this a bit and like the following implementation better:

@echo off
SET logoninfo=%USERNAME% logged on %DATE% %TIME:~0,8%
echo %logoninfo% >> \\server\hiddenshare\%USERNAME%.log


It's a bit more ''log like''.
Example output:

jdoe logged on Wed 03/02/2005 13:03:47 

Oh yeah, I also learned that ECHO. (no space) makes a hard return in
Windows batch files.
-- 
Lars


Re: [Samba] Audit Trail/Logging For Network Logons and Logoffs

2005-03-02 Thread Lars Rasmussen
On Wed, 2 Mar 2005 13:12:35 -0700, Lars Rasmussen
[EMAIL PROTECTED] wrote:
> @echo off
> SET logoninfo=%USERNAME% logged on %DATE% %TIME:~0,8%
>
> echo %logoninfo% >> \\server\hiddenshare\%USERNAME%.log

This line should read:
echo %logoninfo% >> "\\secure\logontimes\%USERNAME%.log"

That way you allow for spaces with XP users.
-- 
Lars


Re: [Samba] Audit Trail/Logging For Network Logons and Logoffs

2005-03-02 Thread Andrew Bartlett
On Wed, 2005-03-02 at 14:10 -0700, Lars Rasmussen wrote:
> On Wed, 2 Mar 2005 13:12:35 -0700, Lars Rasmussen
> [EMAIL PROTECTED] wrote:
> > @echo off
> > SET logoninfo=%USERNAME% logged on %DATE% %TIME:~0,8%
> >
> > echo %logoninfo% >> \\server\hiddenshare\%USERNAME%.log
>
> This line should read:
> echo %logoninfo% >> "\\secure\logontimes\%USERNAME%.log"

I just hope you don't try and use the logs for anything important, given
you have to make them world writable

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net



Re: [Samba] Audit Trail/Logging For Network Logons and Logoffs

2005-03-01 Thread Andrew Bartlett
On Fri, 2005-02-25 at 12:51 -0700, Gene Cooper wrote:
> Hi Folks,
>
> I have searched the archives and the web for this issue, but I haven't found
> an answer.
>
> I need to be able to log or audit the network access of our network users.
> This information needs to be used in conjunction with a time and attendance
> punch clock.
>
> I have seen much discussion of using preexec and postexec for obtaining a
> network access log.  However, my testing has shown this as unreliable.  It
> seems Windows logs in and logs out at (nearly) random and the collected
> information seems useless as I haven't discovered a useful way to collect or
> parse the collected information.  I have tested on various shares as well.

The best you will get is the utmp information, as this is more accurate
than the per-share info (due to multiple users of a given share).

I've long proposed to implement 'session exec' scripts for this purpose,
but never got around to it (and I don't do Samba3 any more).

However, if you read the discussion that occurred last year on
'preventing multiple simultaneous logons', you will see why this is so,
so hard to get right.

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net



[Samba] Audit Trail/Logging For Network Logons and Logoffs

2005-02-25 Thread Gene Cooper
Hi Folks,

I have searched the archives and the web for this issue, but I haven't found
an answer.

I need to be able to log or audit the network access of our network users.
This information needs to be used in conjunction with a time and attendance
punch clock.

I have seen much discussion of using preexec and postexec for obtaining a
network access log.  However, my testing has shown this as unreliable.  It
seems Windows logs in and logs out at (nearly) random and the collected
information seems useless as I haven't discovered a useful way to collect or
parse the collected information.  I have tested on various shares as well. 

Surely this has been an issue for many?  If so, how have you resolved this
problem? Is the solution dependent on a particular version of Samba?

Thanks to all contributors for a truly fine and useful software.

Thanks in advance for all responses.

G
