
Samba Session Timeout

 
Joe Kanakaraj
Advisor

Samba Session Timeout

Hi,

This is more of a SAMBA/Windows question, but since I am running it on good old HP-UX 10.20, I thought some of you might be able to help.

After much haggling for patches I finally got Samba 2.2 installed and it works perfectly. The only problem is that I would like a session to be automatically cut off after, say, 20 min. I tried various options, only to end up at a dead end. We use Windows 2000 clients, on which, once the authentication password is entered, you can close and open the connection without being prompted for authentication 'n' number of times as long as you are in the Windows login session.

If any of you can help out I would appreciate it.

Regards,

Joe
Unix is simple, but it takes a genius to understand the simplicity. - quoted Dennis Ritchie
8 REPLIES 8
Darren Prior
Honored Contributor

Re: Samba Session Timeout

Hi Joseph,

Once you've entered the password within Win2000, it will send it each time that you are required to authenticate; because it is the correct password, the authentication will be invisible to the user. If the Win2000 user logs off from their PC, then logs back on and attempts to reconnect, they would need to re-enter their password to authenticate.

There may be an option in Windows for this (perhaps within the registry) but I'm not aware of a Samba option.

Is there a special reason why you required this functionality?

regards,

Darren.
Calm down. It's only ones and zeros...
Dave Olker
Neighborhood Moderator

Re: Samba Session Timeout

Hi Joe,

In searching the smb.conf file on my Samba server, the only variable that sounds remotely like what you're talking about is:


deadtime (G)

The value of the parameter (a decimal integer) represents the number of minutes of inactivity before a connection is considered dead, and it is disconnected. The deadtime only takes effect if the number of open files is zero.

This is useful to stop a server's resources being exhausted by a large number of inactive connections.

Most clients have an auto-reconnect feature when a connection is broken so in most cases this parameter should be transparent to users.

Using this parameter with a timeout of a few minutes is recommended for most systems.

A deadtime of zero indicates that no auto-disconnection should be performed.

Default: deadtime = 0

Example: deadtime = 15


Have you tried configuring the deadtime parameter? As it states, this will only drop idle connections, so any connection that is active for the deadtime amount will still be allowed access. Also, there is nothing stopping the user whose connection is terminated from reconnecting.

This parameter is really used to avoid having tons of idle TCP/IP connections and idle smbds running on the server consuming resources.

Hope this helps,

Dave


I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
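
A server-side check of the `deadtime` parameter quoted in the reply above, as an added example that is not part of the original thread. The function names `effective_deadtime` and `audit_deadtime` are hypothetical and the sample smb.conf is constructed; the check only reads `[global]`, since the parameter is marked (G).

```shell
#!/bin/sh
# Added example (not from the thread): audit the [global] deadtime in smb.conf.
# Function names are hypothetical; the sample config is constructed.

# Print the effective deadtime in minutes; 0 is the documented default.
effective_deadtime() {
    awk '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        /^[ \t]*\[/ {                          # section header
            s = tolower($0); gsub(/[ \t\r]/, "", s)
            in_global = (s == "[global]"); next
        }
        in_global && /=/ {
            eq = index($0, "=")
            name = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", name)            # names ignore case and spaces
            if (name == "deadtime") {
                val = substr($0, eq + 1)
                gsub(/[ \t\r]/, "", val)       # last assignment wins
            }
        }
        END { print (val == "" ? 0 : val) }
    ' "$1"
}

# Classify the setting: 0 means idle connections are never dropped.
audit_deadtime() {
    d=$(effective_deadtime "$1")
    case "$d" in
        ''|*[!0-9]*) echo "INVALID deadtime=$d" ;;
        0) echo "WARN deadtime=0: idle connections are never disconnected" ;;
        *) echo "OK deadtime=$d: idle connections with no open files drop after $d min" ;;
    esac
}

# Demo on a constructed config; the [homes] entry is ignored by this check.
sample=$(mktemp)
cat > "$sample" <<'EOF'
; constructed sample smb.conf
[global]
   workgroup = EXAMPLE
   dead time = 20
[homes]
   deadtime = 5
EOF
audit_deadtime "$sample"
rm -f "$sample"
```

An OK result only confirms that idle connections are dropped on the server; as the replies note, the client reconnects without prompting, so this is a resource control and not a re-authentication control.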
Gerhard Roets
Esteemed Contributor

Re: Samba Session Timeout

Hi Joe

Even if the TCP/UDP connection times out, the Windows client caches the passwords. You would need to disable the Windows password caching on Windows. This could impact other applications though.

Regards
Gerhard
Joe Kanakaraj
Advisor

Re: Samba Session Timeout

Hi,

Thank you for the replies. I am sorry for the late reply, but I had to go to another site with no net access.

To answer Darren's question of why I need to disable it: well, I have users who wish to download some files from my Unix server to read them in Excel. Right now we use FTP to connect to their home directories, but it is insecure and time consuming; also, I have users who screw up while connecting with FTP.

With regard to Dave, I considered the deadtime option earlier, but this is to disable the connection from the server side; when the user explores again he is reconnected by Windows automatically as long as he is in the same login session.

Gerhard has said we have to disable Windows password caching, which I feel is right, but how do we do it in Win 2000? I just can't seem to find an answer anywhere.

Thanks for the answers so far. Let's see if we can crack this one, even if it is the fault of Microsoft...:-).

Regards,

Joe
Unix is simple, but it takes a genius to understand the simplicity. - quoted Dennis Ritchie
Joe Kanakaraj
Advisor

Re: Samba Session Timeout

Forgot to add to the answer to Darren's question. We have users sharing machines and logins at times. This is to restrict them from accessing each other's home directories on Unix via Samba.

Regards.
Unix is simple, but it takes a genius to understand the simplicity. - quoted Dennis Ritchie
Gerhard Roets
Esteemed Contributor

Re: Samba Session Timeout

Hi Joe

Have a look at this URL. I'm not gonna steal it from them and paste it in here.


A different hack disables domain password caching in the sense that if you need to access a new resource, you will be forced to re-enter your password for each new resource accessed. It would drive your users nuts. For a high security environment - it has real potential. Perhaps this makes sense for Administrator workstations.

Hive: HKEY_LOCAL_MACHINE
Key: Network\Logon
Name: NoDomainPwdCaching
Type: REG_DWORD
Value: 1



There is a global setting for Windows NT / Windows 2000 / Windows XP to disable password caching in general:

Hive: HKEY_CURRENT_USER
Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\Windows\CurrentVersion\Policies\Network
Name: DisablePwdCaching
Type: REG_DWORD
Value: 0 disable


From .... http://www.windowsnetworking.com/kbase/WindowsTips/WindowsNT/RegistryTips/Password/CachedLogonHashes.html looks like an interesting site btw ...

Regards
Gerhard
Darren Prior
Honored Contributor

Re: Samba Session Timeout

Hi Joe,

Yup - it looks like doing this on the Windows side is the answer. You have to stop the Win2k client from resending the current authentication automatically.

The "easy" way round would be to have individual logins on the Windows side; once a different person logs on they would be able to authenticate for their home dir.

regards,

Darren.
Calm down. It's only ones and zeros...
Gerhard Roets
Esteemed Contributor

Re: Samba Session Timeout

To expand a lil more: if users are forced to log in and out, the "cached session login tokens" do get destroyed. That is the other alternative.

Security does not start at the password ... it starts at the users using it. Education can go a loooong way.

Regards
Gerhard