Home / server / Questions / 248274
Accepted
mbx
Asked: 2011-03-17 12:09:50 +0800 CST

How to get the last Windows domain logon times for all domainusers in Samba?

  • 772

We run samba as primary domain controller using ldap for the user account settings. As the title says, I am looking for an easy way to get the last logon times for each of those domain users.

I could generate a script to lookup all usernames from either pam or ldap and grep the samba log files, which might be error prone. I guess there is already an intended way of doing that.

So, how to get the last logon time for each user on any/all Windows machine(s)?

login active-directory samba ldap

3 Answers

  1. Best Answer

    I haven't used samba + LDAP for a while, but I remember there being sambaLogonTime and sambaLogoffTime attributes in the schema.

    The samba-ldap howto mentions these attributes

    However, I'm not sure if these are populated automatically. This link suggests that they aren't, although that's quite old now. I didn't need to use these attributes, so I didn't really pay any attention to them

    • 2

  2. The quick and dirty solution is to "merge" the machine logfiles and grep for logons

    grep -A 1 make_connection_snum /var/log/samba/log.* > logons.txt

    Thus you get the entries for accessing their homedir when logging in. Sorting by time and user seems like a job for a simple perl script.

    • 0

  3. I do realize this is a very very old question. I was in the same position today, and it turns out there is a way to extract this in newer versions of Samba. (My case was a Zentyal server)

    Regardless, what you need is the LDB database which provides the LDAP(-light) that Samba uses for domain authentication. On my server this was located in /var/lib/samba/private/sam.ldb.d/ the file you want is the file named after your Base DN. So if your base DN is DC=MY,DC=ORGANISATION,DC=com then the file would be DC\=MY\,DC\=ORGANISATION,DC\=com.ldb.

    In order to query the information for a certain user, use their full name using ldbsearch. In my case, if I wanted to find the user Joe SixPack:

    ldbsearch -H /var/lib/samba/private/sam.ldb.d/DC\=MY\,DC\=ORGANISATION,DC\=com.ldb "CN=Joe Sixpack"

    This gives you all known information about the specified user. If you only want the last time they logged on, just specify the attribute:

    ldbsearch -H /var/lib/samba/private/sam.ldb.d/DC\=MY\,DC\=ORGANISATION,DC\=com.ldb "CN=Joe Sixpack" lastLogon

    The format of lastlogon is a "number of 100-nanoseconds intervals that have elapsed since the 0 hour on January 1, 1601 until the date/time that is being stored". I don't really understands what this means, but there is a Microsoft Technet article that provides a formula for Excel.

    • 0