Bug 43686

Summary: SAMBA / pam_time.so
Product: [Retired] Red Hat Linux Reporter: Bruce Garlock <bruce>
Component: sambaAssignee: Trond Eivind Glomsrxd <teg>
Status: CLOSED NOTABUG QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.1CC: bruce, nalin, teg
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-06-08 16:14:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Bruce Garlock 2001-06-06 10:39:13 UTC 
Description of Problem: I am unable to get SAMBA to work with the
pam_time.so module.  I have the following in /etc/pam.d/samba:

auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_time.so

And in /etc/security/time.conf:

samba;ttyp*;*;Al2100-2115

I was using that time range for testing.

My log files get this when trying to login to the SAMBA server:

pam_time[21446]: couldn't get the tty name

How does SAMBA get the tty name?


How Reproducible: enable pam_time.so in /etc/pam.d/samba


Steps to Reproduce:
1. Log into SAMBA server with a windows client
2. 
3. 

Actual Results: error in messages / login fails


Expected Results: Denied login during specified time in
/etc/security/time.conf, othewise allow login to SAMBA server


Additional Information:
Comment 1 Bruce Garlock 2001-06-06 10:40:05 UTC 
Forgot to mention I am running samba-2.0.8-1.7.1
Comment 2 Nalin Dahyabhai 2001-06-08 16:20:28 UTC 
Samba clients connecting to a server don't get a tty allocated to them (contrast
with telnet, which allocates a tty for each connecting client), so pam_time will
always fail by design.
Comment 3 Andrew Bartlett 2001-06-16 13:23:35 UTC 
Samba 2.2.0 and above allocate themselves 'samba' as the tty to work around
this.  You will need 2.2.0 for this kind of pam support, as the 2.0 series only
uses PAM for password checking.
Comment 4 Bruce Garlock 2001-06-18 13:44:57 UTC 
Thanks for the info - I'll check out the rawhide version of SAMBA.
Comment 5 Bruce Garlock 2001-07-11 23:45:06 UTC 
The rawhide version works great using pam_time.so.  One more question: does
anyone know how I would implement groups?  For example, if I wanted to deny
access for a certain group (from /etc/group) for a certain time period, how
would I do this?  It works great for listing several users, but it would be nice
to use groups that have already been setup.  TIA for any information or links to
docs.