[Samba] Logon Hours with Samba PDC
briankeats at hotmail.com
Tue Sep 10 17:05:34 GMT 2002
Hey, thanks for the response Andrew, I really appreciate it. It'll save me
hours of determining if I'm doing something wrong or if it's not
implemented. On another note, do you think I have missed something when
even if I just look at a users' properties using User Manager for Domains
and click on OK and am returned with the error "Group does not exist", do
you think I have to map the local Unix group to the NT special Domain Users
Group ? If you have a Samba PDC anywhere close by and you use the User
Manager for Domains software to view a domain users' properties do you get
the same error ? I guess what I'm asking is does everybody get this error
or just me ? Once again, I appreciate your correspondence ....
>From: Andrew Bartlett <abartlet at samba.org>
>To: Brian Keats <briankeats at hotmail.com>
>CC: samba at lists.samba.org
>Subject: Re: [Samba] Logon Hours with Samba PDC
>Date: Tue, 10 Sep 2002 08:53:47 +1000
>Brian Keats wrote:
> > I have been searching for information about implementing Logon Hours
> > Samba 2.2.5 PDC (or for that matter any version of SAMBA) but haven't
> > noticed any postings or correspondence. I have set up a a Samba PDC and
> > have mapped shares, authenticated users, blah blah blah, .... everything
> > seems to work fine. I checked with 'rpcclient' to see what sort of
> > information is returned from 'rpcclient -c "queryuser [rid]" [server]'
> > did notice 'logon_hrs' and 'Kickoff Time" fields returned so I assumed I
> > could specifiy times during a day when a user can/cannot logon to the
> > domain. I then tried using the standard Windows tools "i.e. User
> > for Domains" to specifiy logon times but always receive an error "Group
> > could not be found" when I finally click on Ok. As a matter of fact, I
> > this error when ever I do click on OK even after just viewing the
> > of Domain Users. I can, however specify the account to be disbaled and
> > will disable logon's until I remove the checkbox. So my question is,
> > possible to specify LOGON hours and also have I missed something not
> > like mapping Domain Users and Domain Admins (RID's) to Unix GID's ?
> > just curious if anyone has ever been able to specify Logon Hours using
> > other tool ... (or even User Manager for Domains !)
> > Would appeciate any feedback either through the mailing list or directly
>I've not yet got time to code this up.
>There are two major requirements:
> - Use a pdb backend that can store login hours (only the experimental
>tdbsam supports this at the moment).
> - I need to add this to pdb_ldap.
> - Interperate the login hours during authentication.
> - This is relitivly easy to add to Samba HEAD, but I've just not had
>Kickoff time, must change time and a few others are already supported
>(in HEAD), just not login hours.
>Andrew Bartlett abartlet at pcug.org.au
>Manager, Authentication Subsystems, Samba Team abartlet at samba.org
>Student Network Administrator, Hawker College abartlet at hawkerc.net
>http://samba.org http://build.samba.org http://hawkerc.net
>To unsubscribe from this list go to the following URL and read the
Chat with friends online, try MSN Messenger: http://messenger.msn.com
More information about the samba