Bug 43686 - SAMBA / pam_time.so
SAMBA / pam_time.so
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: samba (Show other bugs)
7.1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Trond Eivind Glomsrxd
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-06-06 06:39 EDT by Bruce Garlock
Modified: 2007-04-18 12:33 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-06-08 12:14:08 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Bruce Garlock 2001-06-06 06:39:13 EDT
Description of Problem: I am unable to get SAMBA to work with the
pam_time.so module.  I have the following in /etc/pam.d/samba:

auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_time.so

And in /etc/security/time.conf:

samba;ttyp*;*;Al2100-2115

I was using that time range for testing.

My log files get this when trying to login to the SAMBA server:

pam_time[21446]: couldn't get the tty name

How does SAMBA get the tty name?


How Reproducible: enable pam_time.so in /etc/pam.d/samba


Steps to Reproduce:
1. Log into SAMBA server with a windows client
2. 
3. 

Actual Results: error in messages / login fails


Expected Results: Denied login during specified time in
/etc/security/time.conf, othewise allow login to SAMBA server


Additional Information:
Comment 1 Bruce Garlock 2001-06-06 06:40:05 EDT
Forgot to mention I am running samba-2.0.8-1.7.1
Comment 2 Nalin Dahyabhai 2001-06-08 12:20:28 EDT
Samba clients connecting to a server don't get a tty allocated to them (contrast
with telnet, which allocates a tty for each connecting client), so pam_time will
always fail by design.
Comment 3 Andrew Bartlett 2001-06-16 09:23:35 EDT
Samba 2.2.0 and above allocate themselves 'samba' as the tty to work around
this.  You will need 2.2.0 for this kind of pam support, as the 2.0 series only
uses PAM for password checking.
Comment 4 Bruce Garlock 2001-06-18 09:44:57 EDT
Thanks for the info - I'll check out the rawhide version of SAMBA.
Comment 5 Bruce Garlock 2001-07-11 19:45:06 EDT
The rawhide version works great using pam_time.so.  One more question: does
anyone know how I would implement groups?  For example, if I wanted to deny
access for a certain group (from /etc/group) for a certain time period, how
would I do this?  It works great for listing several users, but it would be nice
to use groups that have already been setup.  TIA for any information or links to
docs.

Note You need to log in before you can comment on or make changes to this bug.