Bug 43686 - SAMBA / pam_time.so
Summary: SAMBA / pam_time.so
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: samba   
(Show other bugs)
Version: 7.1
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Trond Eivind Glomsrxd
QA Contact: David Lawrence
Depends On:
TreeView+ depends on / blocked
Reported: 2001-06-06 10:39 UTC by Bruce Garlock
Modified: 2007-04-18 16:33 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-06-08 16:14:08 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Bruce Garlock 2001-06-06 10:39:13 UTC
Description of Problem: I am unable to get SAMBA to work with the
pam_time.so module.  I have the following in /etc/pam.d/samba:

auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_time.so

And in /etc/security/time.conf:


I was using that time range for testing.

My log files get this when trying to login to the SAMBA server:

pam_time[21446]: couldn't get the tty name

How does SAMBA get the tty name?

How Reproducible: enable pam_time.so in /etc/pam.d/samba

Steps to Reproduce:
1. Log into SAMBA server with a windows client

Actual Results: error in messages / login fails

Expected Results: Denied login during specified time in
/etc/security/time.conf, othewise allow login to SAMBA server

Additional Information:

Comment 1 Bruce Garlock 2001-06-06 10:40:05 UTC
Forgot to mention I am running samba-2.0.8-1.7.1

Comment 2 Nalin Dahyabhai 2001-06-08 16:20:28 UTC
Samba clients connecting to a server don't get a tty allocated to them (contrast
with telnet, which allocates a tty for each connecting client), so pam_time will
always fail by design.

Comment 3 Andrew Bartlett 2001-06-16 13:23:35 UTC
Samba 2.2.0 and above allocate themselves 'samba' as the tty to work around
this.  You will need 2.2.0 for this kind of pam support, as the 2.0 series only
uses PAM for password checking.

Comment 4 Bruce Garlock 2001-06-18 13:44:57 UTC
Thanks for the info - I'll check out the rawhide version of SAMBA.

Comment 5 Bruce Garlock 2001-07-11 23:45:06 UTC
The rawhide version works great using pam_time.so.  One more question: does
anyone know how I would implement groups?  For example, if I wanted to deny
access for a certain group (from /etc/group) for a certain time period, how
would I do this?  It works great for listing several users, but it would be nice
to use groups that have already been setup.  TIA for any information or links to

Note You need to log in before you can comment on or make changes to this bug.