[Samba] Logon time restrictions?
Jim Morris
Jim at Morris-World.com
Fri Jan 23 23:24:17 GMT 2004
On Jan 23, 2004, at 12:47 PM, Anders Norrbring wrote:
> I'll try posting again, just to see if someone knows...
Uh - you asked a pretty complex question, and reposting it because
noone answered after just 3 hours is expecting a lot! Some of the
primary developers of Samba are on the other side of the planet from
you, most likely. Give it a day next time.
> I've browsed to lots of doc. files, but I can't find a good answer.
> Is it
> possible to set logon time restrictions to users when Samba operates
> as a
> PDC, controlling Windows XP Pro clients?
>
> We're in the need to have different time restrictions based on user
> groups
> as well as individual users.
I can say pretty confidently that you won't be able to do what you need
with the stock Samba 2.2.5. You don't say what the host operating
system is, but with Samba 2.x, having a restriction such as this really
depends on what authentication methods are available on the operating
system you are running Samba on, as well as how Samba itself is
configured.
Let's assume for the moment you are using Linux on the Samba PDC. I
have made Samba 2.x jump through hoops with the use of PAM
authentication, in order to have password expiration policies and
password change policies in effect. I personally have never seen any
mechanism built into the standard Linux authentication mechanisms which
restricts logon based on time of day. PAM on Redhat certainly doesn't.
I suggest you review what is available in Samba 3.0 and later. My
understanding is that the authentication mechanisms are much more
flexible than they were in 2.x. That said, I think what you need is
going to require a bit of work on your part to implement. It's not an
out-of-the-box requirement for most Samba servers, to say the least!
--
Jim Morris (J i m @ M o r r i s - W o r l d . c o m)
More information about the samba
mailing list