Problems with Samba 2.2.3a DC and PAM
Richter, Gary
Gary_Richter at nfuel.com
Mon Mar 4 12:16:04 GMT 2002
Basically, this is going to be just a question to see if what I want to do
can be done, since I have had no luck in doing it so far...
I have set up a 2.2.3a domain controller, and I can join Windows XP clients
to the domain, and log in as domain users.
I want to use PAM to enforce account restrictions, such as login time using
pam_time. I currently have the *stacked* version of the /etc/pam.d/samba
file installed, and I have modified my /etc/pam.d/system-auth file to look
as such:
--cut
account requisite /lib/security/pam_time.so
account required /lib/security/pam_unix.so
--cut
I have a feeling that the restrictions are working partially, since in my
syslog I am getting log entries to the effect of "'user' is not authorized
to log in at this time"... however, Windows is still allowing me to login as
if nothing is wrong. The only side effect of logging in my XP workstation
outside the permitted times is that I'm not able to connect to shares, like
the one defined for roaming profiles... Windows bitches about not being able
to load my profile.
Does anyone have any ideas? Has this been done before? Can it be done, or
will I be forced to actually use a Win2k Domain Controller when I would
rather not?
Thanks for any help,
gary_richter at nfuel.com
Gary
More information about the samba-technical
mailing list