I was recently asked to record when a user logs on or off on a Windows workstation. Both MS and Samba¹ Active Directory implementations produce a lot of events related to user authentication and authorization. Samba seems to be missing a “logoff” trace.
But the goal here is to have a simple, readable log file with just the logon/logoff events traced.
The proposed solution is based on a PowerShell script that acts as a syslog client. It runs on a Windows workstation and sends the logon/logoff events to its DC, where we run an rsyslogd service.
I configured a GPO to deploy the PowerShell script, but it should also work on non-member workstations by tweaking the Windows Registry or similar.
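
One way to write such a syslog client in PowerShell, as an added example that is not the script the post refers to. The `-Action` parameter, the `logon-trace` app name, the authpriv facility, UDP port 514 and the use of `LOGONSERVER` to find the DC are all assumptions.

```powershell
# Added example: RFC 5424 syslog client for logon/logoff events.
# Assumed usage: run with -Action logon from a logon script and
# -Action logoff from a logoff script.
param(
    [Parameter(Mandatory)][ValidateSet('logon', 'logoff')][string]$Action,
    # On domain members LOGONSERVER holds the authenticating DC as \\NAME
    [string]$Server = ($env:LOGONSERVER -replace '^\\\\', ''),
    [int]$Port = 514
)

function New-SyslogMessage {
    param([string]$Action, [string]$User, [string]$Computer, [datetime]$When)
    $facility = 10                      # authpriv
    $severity = 6                       # informational
    $pri = $facility * 8 + $severity    # PRI = facility * 8 + severity
    $ts = $When.ToUniversalTime().ToString(
        "yyyy-MM-dd'T'HH:mm:ss.fff'Z'", [cultureinfo]::InvariantCulture)
    # Keep printable ASCII only, so a crafted account or host name cannot
    # add spaces or line breaks that would forge fields or extra log lines.
    $u = $User -replace '[^\x21-\x7e]', '_'
    $h = $Computer -replace '[^\x21-\x7e]', '_'
    # <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
    "<$pri>1 $ts $h logon-trace - $Action - user=$u action=$Action"
}

if ([string]::IsNullOrWhiteSpace($Server)) {
    throw 'No syslog server: pass -Server or run on a domain member.'
}

$msg = New-SyslogMessage -Action $Action `
    -User "$env:USERDOMAIN\$env:USERNAME" `
    -Computer $env:COMPUTERNAME -When (Get-Date)

$bytes = [System.Text.Encoding]::ASCII.GetBytes($msg)
$udp = New-Object System.Net.Sockets.UdpClient
try {
    # UDP is fire-and-forget: a lost datagram is a missing log line.
    [void]$udp.Send($bytes, $bytes.Length, $Server, $Port)
}
finally {
    $udp.Close()
}
```

On the DC, rsyslogd needs its UDP input (`imudp`) enabled and a rule that writes messages from this app name to their own file. The user and host names are reported by the client itself, so the resulting log is a convenience trace rather than an authoritative audit record.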
But what if there are no Windows-based clients? Could there be a solution for Linux-based clients? (You could argue that you wouldn’t need a Samba4 AD account provider without MS Windows clients, but I think Linux clients can also benefit from Samba4 AD…)
Maybe not GPOs as they are in place for managing Windows user and device accounts. But I can imagine you would also like to be able to manage Linux-based device accounts. I mean, I can join a Samba4 AD account with a Linux client. It would be nice to be able to set rules for that device account…
With GPO you could redirect home directories to a network share. What I understood is that when you log into a domain account on a Linux device, a local home directory is created. The same behavior when logging in on a Linux device as when logging in on a Windows device would be nice, wouldn’t it…
I don’t know if this is the right example… but I just want to be able to have as transparent a use of devices on a network as possible, regardless of whether it is a Linux device or a Windows device.