[Samba] Logon Hours with Samba PDC

Brian Keats briankeats at hotmail.com
Tue Sep 10 17:05:34 GMT 2002

Hey, thanks for the response Andrew, I really appreciate it.  It'll save me 
hours of determining if I'm doing something wrong or if it's not 
implemented.  On another note, do you think I have missed something when 
even if I just look at a users' properties using User Manager for Domains 
and click on OK and am returned with the error "Group does not exist", do 
you think I have to map the local Unix group to the NT special Domain Users 
Group ?  If you have a Samba PDC anywhere close by and you use the User 
Manager for Domains software to view a domain users' properties do you get 
the same error ?  I guess what I'm asking is does everybody get this error 
or just me ?   Once again, I appreciate your correspondence ....


>From: Andrew Bartlett <abartlet at samba.org>
>To: Brian Keats <briankeats at hotmail.com>
>CC: samba at lists.samba.org
>Subject: Re: [Samba] Logon Hours with Samba PDC
>Date: Tue, 10 Sep 2002 08:53:47 +1000
>Brian Keats wrote:
> >
> > I have been searching for information about implementing Logon Hours 
>with a
> > Samba 2.2.5 PDC (or for that matter any version of SAMBA) but haven't 
> > noticed any postings or correspondence.  I have set up a a Samba PDC and
> > have mapped shares, authenticated users, blah blah blah, .... everything
> > seems to work fine.  I checked with 'rpcclient' to see what sort of
> > information is returned from 'rpcclient -c "queryuser [rid]" [server]' 
> > did notice 'logon_hrs' and 'Kickoff Time" fields returned so I assumed I
> > could specifiy times during a day when a user can/cannot logon to the
> > domain.  I then tried using the standard Windows tools "i.e. User 
> > for Domains" to specifiy logon times but always receive an error "Group 
> > could not be found" when I finally click on Ok.  As a matter of fact, I 
> > this error when ever I do click on OK even after just viewing the 
> > of Domain Users.  I can, however specify the account to be disbaled and 
> > will disable logon's until I remove the checkbox.   So my question is, 
>is it
> > possible to specify LOGON hours and also have I missed something not 
> > like mapping Domain Users and Domain Admins (RID's) to Unix GID's ?   
> > just curious if anyone has ever been able to specify Logon Hours using 
> > other tool ...  (or even User Manager for Domains !)
> > Would appeciate any feedback either through the mailing list or directly 
>I've not yet got time to code this up.
>There are two major requirements:
>  - Use a pdb backend that can store login hours (only the experimental
>tdbsam supports this at the moment).
>    - I need to add this to pdb_ldap.
>  - Interperate the login hours during authentication.
>    - This is relitivly easy to add to Samba HEAD, but I've just not had
>Kickoff time, must change time and a few others are already supported
>(in HEAD), just not login hours.
>Andrew Bartlett
>Andrew Bartlett                                 abartlet at pcug.org.au
>Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
>Student Network Administrator, Hawker College   abartlet at hawkerc.net
>http://samba.org     http://build.samba.org     http://hawkerc.net
>To unsubscribe from this list go to the following URL and read the
>instructions:  http://lists.samba.org/mailman/listinfo/samba

Chat with friends online, try MSN Messenger: http://messenger.msn.com

More information about the samba mailing list