On Tue, Nov 26, 2002 at 10:26:46AM +0100, Alen Kovac wrote: > Hello! > > I'm running samba as PDC. I want to disable concurrent logins for > users. (not to be able to login from more than one workstation at the > same time) I haven't figured out how to disable this so I dig in to > the samba sources. > > I found that _net_sam_logon() is the place where I could check if > users is logged in and in that case don't allow him to login. > > rpc_server/srv_netlog_nt.c: _net_sam_logon() > > init_net_user_info3(p->mem_ctx, usr_info, sampass, > 0, /* logon_count */ > 0, /* bad_pw_count */ > num_gids, /* uint32 num_groups */ > gids , /* DOM_GID *gids */ > 0x20 , /* uint32 user_flgs (?) */ > NULL, /* char sess_key[16] */ > my_name , /* char *logon_srv */ > my_workgroup, /* char *logon_dom */ > &global_sam_sid, /* DOM_SID *dom_sid */ > NULL); /* char *other_sids */ > > DEBUG(2, ("_net_sam_logon: [%s]", nt_username)); > > if (_is_user_logged_in(nt_username)) { > DEBUG(2, ("mydebug: Concurrent logins not allowed [%s]", > nt_username)); > pdb_free_sam(sampass); > return NT_STATUS_ACCOUNT_DISABLED; > } else { > _add_user_to_logged_in_list(nt_username); > } > > I have the following problems; don't know where could I remove user > from list when he logs out. _net_sam_logoff() isn't called, and second I > would like to remove need for my list for tracking users if samba > already do this. > > So I would really need some pointers where to implement this check?
You need to store a record in a tdb somewhere that the user has logged on so that another smbd running on the same PDC can check at logon time. I suggest adding records to the sessions tdb. Jeremy.