[Samba] Logon time restrictions?

Jim Morris Jim at Morris-World.com
Fri Jan 23 23:24:17 GMT 2004

On Jan 23, 2004, at 12:47 PM, Anders Norrbring wrote:

> I'll try posting again, just to see if someone knows...

Uh - you asked a pretty complex question, and reposting it because 
noone answered after just 3 hours is expecting a lot!  Some of the 
primary developers of Samba are on the other side of the planet from 
you, most likely.  Give it a day next time.

> I've browsed to lots of doc. files, but I can't find a good answer.  
> Is it
> possible to set logon time restrictions to users when Samba operates 
> as a
> PDC, controlling Windows XP Pro clients?
> We're in the need to have different time restrictions based on user 
> groups
> as well as individual users.

I can say pretty confidently that you won't be able to do what you need 
with the stock Samba 2.2.5.  You don't say what the host operating 
system is, but with Samba 2.x, having a restriction such as this really 
depends on what authentication methods are available on the operating 
system you are running Samba on, as well as how Samba itself is 

Let's assume for the moment you are using Linux on the Samba PDC.  I 
have made Samba 2.x jump through hoops with the use of PAM 
authentication, in order to have password expiration policies and 
password change policies in effect.  I personally have never seen any 
mechanism built into the standard Linux authentication mechanisms which 
restricts logon based on time of day.  PAM on Redhat certainly doesn't.

I suggest you review what is available in Samba 3.0 and later. My 
understanding is that the authentication mechanisms are much more 
flexible than they were in 2.x. That said, I think what you need is 
going to require a bit of work on your part to implement. It's not an 
out-of-the-box requirement for most Samba servers, to say the least!
Jim Morris    (J i m @ M o r r i s - W o r l d . c o m)

More information about the samba mailing list