Re: patch for logon time on samba3.0 alpha22
On Thu, 2003-03-20 at 18:59, Jianliang Lu wrote:
> > On Thu, 2003-03-20 at 01:38, Jianliang Lu wrote:
> > > Hi,
> > > I've patched the samba3.0 alpha22 for logon_time, now the user's logon time
> > > is updated when he logs on successfully.
> > > In attachment is the patch.
> >
> > Does NT do this only for file-share connects? Or also for Domain
> > logons?
> >
> > If domain logons also trigger it, then the correct place is
> > 'auth/auth_sam.c'. But watch out, we probably need an option to disable
> > this, as in some PDC/BDC setups, it could entail an expensive LDAP
> > update over a WAN.
> >
> > But nice work - it's the kind of detail I've been meaning to catch up on
> > for a while.
> >
> > Andrew Bartlett
> >
>
> Yes, the first time I also put the patch on the auth/auth_sam.c, but I have
> seen that you update the logon time using utmp when the session is
> established. The patch works for Domain logons.

Only for the actual domain logon, and only if the client contacts
netlogon. If a user logs into a member server, we should update that
time too.

As to utmp - the code is there because we need the 'logoff' record too,
and this is the only place we get that. Also, utmp is a 'unix' thing we
can't push back to the DC - while this is.

Andrew Bartlett

--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
Re: patch for logon time on samba3.0 alpha22
> On Thu, 2003-03-20 at 01:38, Jianliang Lu wrote:
> > Hi,
> > I've patched the samba3.0 alpha22 for logon_time, now the user's logon time
> > is updated when he logs on successfully.
> > In attachment is the patch.
>
> Does NT do this only for file-share connects? Or also for Domain
> logons?
>
> If domain logons also trigger it, then the correct place is
> 'auth/auth_sam.c'. But watch out, we probably need an option to disable
> this, as in some PDC/BDC setups, it could entail an expensive LDAP
> update over a WAN.
>
> But nice work - it's the kind of detail I've been meaning to catch up on
> for a while.
>
> Andrew Bartlett
>

Yes, the first time I also put the patch on the auth/auth_sam.c, but I have
seen that you update the logon time using utmp when the session is
established. The patch works for Domain logons.

Jianliang Lu
Tiesse s.p.a.
[EMAIL PROTECTED]

> --
> Andrew Bartlett [EMAIL PROTECTED]
> Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
> Student Network Administrator, Hawker College [EMAIL PROTECTED]
> http://samba.org http://build.samba.org http://hawkerc.net

Jianliang Lu
TieSse s.p.a.
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Re: patch for logon time on samba3.0 alpha22
On Thu, Mar 20, 2003 at 09:19:55AM +1100, Andrew Bartlett wrote:
>
> auth/auth_sam.c has some of these already - but read sam_account_ok()
> and you will see what is left to be done.

Cool, thanks. I'll start there (I thought you must have done
something along these lines already :-).

> A big one is 'logonHours' - we need to store this into LDAP and check it
> here.

Thanks for the heads-up.

Jeremy.
Re: patch for logon time on samba3.0 alpha22
On Thu, 2003-03-20 at 08:56, [EMAIL PROTECTED] wrote:
> On Thu, Mar 20, 2003 at 08:36:10AM +1100, Andrew Bartlett wrote:
> > On Thu, 2003-03-20 at 01:38, Jianliang Lu wrote:
> > > Hi,
> > > I've patched the samba3.0 alpha22 for logon_time, now the user's logon time
> > > is updated when he logs on successfully.
> > > In attachment is the patch.
> >
> > Does NT do this only for file-share connects? Or also for Domain
> > logons?
> >
> > If domain logons also trigger it, then the correct place is
> > 'auth/auth_sam.c'. But watch out, we probably need an option to disable
> > this, as in some PDC/BDC setups, it could entail an expensive LDAP
> > update over a WAN.
> >
> > But nice work - it's the kind of detail I've been meaning to catch up on
> > for a while.
>
> Yep - looks good, although not the place I'd put it. I'm looking
> at adding the code into the auth system to implement the Windows
> account restrictions (unless it's there in 3.0 and I haven't
> found it yet, which is possible :-).

auth/auth_sam.c has some of these already - but read sam_account_ok()
and you will see what is left to be done.

A big one is 'logonHours' - we need to store this into LDAP and check it
here.

Andrew Bartlett

--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
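The 'logonHours' check that the message above lists as still to be done, shown as an added example; it is not part of the thread and not Samba's code. It assumes the Windows SAM layout of 21 bytes holding one bit per hour of the week in UTC, starting at Sunday 00:00, least significant bit first; `logon_hours_permit` and `build_office_hours` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define LOGON_HOURS_LEN 21	/* 7 days * 24 hours = 168 bits */

/*
 * Hypothetical helper, not Samba's code. Returns 1 if a logon at `now`
 * is permitted by the bitmap, 0 if it is denied.
 * Assumed layout: one bit per hour of the week in UTC, bit 0 of byte 0
 * is Sunday 00:00-00:59, least significant bit first within each byte.
 * NULL means no restriction is stored; a wrong-length bitmap or an
 * unconvertible time fails closed.
 */
int logon_hours_permit(const uint8_t *hours, size_t len, time_t now)
{
	const struct tm *utc;
	unsigned bitpos;

	if (hours == NULL)
		return 1;
	if (len != LOGON_HOURS_LEN)
		return 0;
	utc = gmtime(&now);	/* static buffer: use gmtime_r() in threaded code */
	if (utc == NULL)
		return 0;
	bitpos = (unsigned)(utc->tm_wday * 24 + utc->tm_hour);	/* 0..167 */
	return (hours[bitpos / 8] >> (bitpos % 8)) & 1;
}

/* Constructed sample policy: Monday-Friday, 08:00-17:59 UTC. */
void build_office_hours(uint8_t hours[LOGON_HOURS_LEN])
{
	memset(hours, 0, LOGON_HOURS_LEN);
	for (int day = 1; day <= 5; day++)
		for (int hour = 8; hour < 18; hour++) {
			unsigned bitpos = (unsigned)(day * 24 + hour);
			hours[bitpos / 8] |= (uint8_t)(1u << (bitpos % 8));
		}
}

int main(void)
{
	uint8_t hours[LOGON_HOURS_LEN];
	build_office_hours(hours);
	/* Constructed timestamp: 1048150800 = Thu 2003-03-20 09:00 UTC */
	printf("Thu 09:00 -> %d\n", logon_hours_permit(hours, sizeof(hours), (time_t)1048150800));
	return 0;
}
```

Because the bitmap is indexed in UTC, a policy written in local office hours has to be shifted by the site's offset before it is stored.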
Re: patch for logon time on samba3.0 alpha22
On Thu, Mar 20, 2003 at 08:36:10AM +1100, Andrew Bartlett wrote:
> On Thu, 2003-03-20 at 01:38, Jianliang Lu wrote:
> > Hi,
> > I've patched the samba3.0 alpha22 for logon_time, now the user's logon time
> > is updated when he logs on successfully.
> > In attachment is the patch.
>
> Does NT do this only for file-share connects? Or also for Domain
> logons?
>
> If domain logons also trigger it, then the correct place is
> 'auth/auth_sam.c'. But watch out, we probably need an option to disable
> this, as in some PDC/BDC setups, it could entail an expensive LDAP
> update over a WAN.
>
> But nice work - it's the kind of detail I've been meaning to catch up on
> for a while.

Yep - looks good, although not the place I'd put it. I'm looking
at adding the code into the auth system to implement the Windows
account restrictions (unless it's there in 3.0 and I haven't
found it yet, which is possible :-).

Jeremy.
Re: patch for logon time on samba3.0 alpha22
On Thu, 2003-03-20 at 01:38, Jianliang Lu wrote:
> Hi,
> I've patched the samba3.0 alpha22 for logon_time, now the user's logon time
> is updated when he logs on successfully.
> In attachment is the patch.

Does NT do this only for file-share connects? Or also for Domain
logons?

If domain logons also trigger it, then the correct place is
'auth/auth_sam.c'. But watch out, we probably need an option to disable
this, as in some PDC/BDC setups, it could entail an expensive LDAP
update over a WAN.

But nice work - it's the kind of detail I've been meaning to catch up on
for a while.

Andrew Bartlett

--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net