Re: [Samba] Logon logging logs

2005-03-23 Thread Bill Arlofski 
My apologies for repsonding to my own message, but I was hoping that 
something that seems this simple would elicit some quick responses.

The short version is:  I need a method to log each user logon to a Samba 
PDC. Logging from a preexec script in the [netlogon] share works, but 
users are logged twice. Is there a correct way to do this so that each 
network logon is logged only once?

Original long version follows:
Bill Arlofski wrote:
I'm looking for a simple solution to log a single entry for each login 
to a Samba PDC.

My current attempt(s) of using a root prexec script in either the 
[netlogon] share definition or the [global] section are working, but not 
exactly as expected.

In [netlogon] I have an entry:
root preexec = /path/to/script/makelogonscript.pl %g %u %m %I
...where makelogonscript.pl generates a customized logon script for each 
user/group etc. AND, at the top of this script, a simple section has 
been added to log to a logonlog.log file the following information:

Date Time Primary_Group IP_Address machinename username
So far so good. The problem I am seeing with this is that every time 
someone logs into the domain, it appears that the [netlogon] share is 
opened twice because this script writes two entries for each user, 
usually about 4 seconds apart, sometimes about 10 seconds apart,  but I 
have seen as high as 30 seconds or more.

ie:
03-16-2005 12:14:00 group xx.xx.xx.xx  machinename username
03-16-2005 12:14:04 group xx.xx.xx.xx  machinename username
Speaking in #samba on freenode we agreed that this might be because some 
versions of windows temporarily map a Z: drive to the netlogon share and 
then work off of that during the logon process.

OK, so next up was putting a simple root preexec logging script in the 
[global] section of smb.conf

Similar, but not exact results were found.
Most domain logins were logged twice, some were only logged once. Also, 
there are now some entries with nobody as the group and username but 
these nobody  entries can be easily omitted from reports with 
sed/grep/awk/perl/whatever so they are inconsequential. :)

So, I guess my basic question is:
Where in the logon process is the correct place to tell Samba to do 
something (ie: run this script) but do it only once?

Thanks for any help!
-
Bill Arlofski
Bill Arlofski
[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Logon logging logs

2005-03-16 Thread Bill Arlofski 
I'm looking for a simple solution to log a single entry for each login 
to a Samba PDC.

My current attempt(s) of using a root prexec script in either the 
[netlogon] share definition or the [global] section are working, but not 
exactly as expected.

In [netlogon] I have an entry:
root preexec = /path/to/script/makelogonscript.pl %g %u %m %I
...where makelogonscript.pl generates a customized logon script for each 
user/group etc. AND, at the top of this script, a simple section has 
been added to log to a logonlog.log file the following information:

Date Time Primary_Group IP_Address machinename username
So far so good. The problem I am seeing with this is that every time 
someone logs into the domain, it appears that the [netlogon] share is 
opened twice because this script writes two entries for each user, 
usually about 4 seconds apart, sometimes about 10 seconds apart,  but I 
have seen as high as 30 seconds or more.

ie:
03-16-2005 12:14:00 group xx.xx.xx.xx  machinename username
03-16-2005 12:14:04 group xx.xx.xx.xx  machinename username
Speaking in #samba on freenode we agreed that this might be because some 
versions of windows temporarily map a Z: drive to the netlogon share and 
then work off of that during the logon process.

OK, so next up was putting a simple root preexec logging script in the 
[global] section of smb.conf

Similar, but not exact results were found.
Most domain logins were logged twice, some were only logged once. Also, 
there are now some entries with nobody as the group and username but 
these nobody  entries can be easily omitted from reports with 
sed/grep/awk/perl/whatever so they are inconsequential. :)

So, I guess my basic question is:
Where in the logon process is the correct place to tell Samba to do 
something (ie: run this script) but do it only once?

Thanks for any help!
-
Bill Arlofski
[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba