Description of Problem: I am unable to get SAMBA to work with the pam_time.so module. I have the following in /etc/pam.d/samba: auth required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_time.so And in /etc/security/time.conf: samba;ttyp*;*;Al2100-2115 I was using that time range for testing. My log files get this when trying to login to the SAMBA server: pam_time[21446]: couldn't get the tty name How does SAMBA get the tty name? How Reproducible: enable pam_time.so in /etc/pam.d/samba Steps to Reproduce: 1. Log into SAMBA server with a windows client 2. 3. Actual Results: error in messages / login fails Expected Results: Denied login during specified time in /etc/security/time.conf, othewise allow login to SAMBA server Additional Information:
Forgot to mention I am running samba-2.0.8-1.7.1
Samba clients connecting to a server don't get a tty allocated to them (contrast with telnet, which allocates a tty for each connecting client), so pam_time will always fail by design.
Samba 2.2.0 and above allocate themselves 'samba' as the tty to work around this. You will need 2.2.0 for this kind of pam support, as the 2.0 series only uses PAM for password checking.
Thanks for the info - I'll check out the rawhide version of SAMBA.
The rawhide version works great using pam_time.so. One more question: does anyone know how I would implement groups? For example, if I wanted to deny access for a certain group (from /etc/group) for a certain time period, how would I do this? It works great for listing several users, but it would be nice to use groups that have already been setup. TIA for any information or links to docs.