Lastlog file -> missing users???
Hi, everyone.
I'm analyzing a Linux server that is used as a Primary Domain Controller. Specifically, I have to check the last login date/times for each user and I see the following: - Most users have "Never logged in", when I KNOW that they do log in everyday...how is this possible??? - Some users doesn´t appear in the lastlog file, but they are listed in the passwd file...how is this possible??? Note: the workstations in this LAN have Windows 2000 PRO installed on. Could you please help me understand this situation? Thanks so much. Carlos. |
utmp: currently logged in users. tool: who/w
lastlog: only info about the users last login. Tool: lastlog. wtmp: info about every user ever logged in. Tool: last or Chkrootkit's chklastlog. * Note these might get logrotated so you will want to check the archives. ** If archives show nothing then you prolly should check "utmp = No/Yes" setting in smb.conf. |
And theses tools/databases only holds login information for users which __really__ have logged in this system.
Samba users are not logged by theses tools ! For samba users you must to check the files on /var/log/samba. |
All times are GMT -5. The time now is 10:48 AM. |