3187 – sambaLogonHours and timezones

Bug 3187 - sambaLogonHours and timezones

Summary: sambaLogonHours and timezones

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 3.0
Classification:	Unclassified
Component:	User/Group Accounts (show other bugs)
Version:	3.0.9
Hardware:	x86 Linux

Importance:	P3 minor
Target Milestone:	none
Assignee:	Jim McDonough
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2005-10-18 02:13 UTC by David Wilson
Modified:	2006-04-10 01:07 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description David Wilson 2005-10-18 02:13:27 UTC

Message posted to samba@lists.samba.org:

Hi guys/girls,

How are you keeping ?

A while ago I mentioned a problem that I'm picking up with Samba with 
OpenLDAP and the "logon hours" restrictions which are implemented via the NT 
4.0 User Manager.

Basically my problem was that users were unable to login 2 hours before the 
actual restriction should kick in.
At the time I thought that perhaps the problem was caused by Slackware Linux 
and it's timezone implementation of SAST (GMT+2).
Since then I've experienced the same problem on SLES9 and Suse Linux 9.3.

From what I can see, the "sambaLogonHours" value is always set with GMT in 
mind.
Because in South Africa we are at GMT+2 Samba enforces restrictions 2 hours 
before it should.
For example if users should only denied login access at 16:00, Samba is 
denying them access at 14:00.

I've looked all over and cannot find a solution to the problem other than 
adding two hours to the logon hours restrictions for each user when using 
the NT User Manager tool.

Does anyone know of a workaround for this ? Is there a way to get Samba to 
check the time zone on the server first and make calculations before writing 
values for the "sambaLogonHours" attribute ?

Links/references:
Explanation of feature: http://www.archive-two.com/new-2794385-2895.html
http://lists.samba.org/archive/samba-technical/2004-December/038271.html
http://archives.free.net.ph/message/20051006.181854.4d7c50dc.en.html
http://archives.free.net.ph/message/20050701.071531.eeffd7e5.en.html
http://lists.samba.org/archive/samba/2005-February/099778.html

Thanks in advance.

Comment 1 Gerald (Jerry) Carter (dead mail address) 2005-10-26 05:52:44 UTC

This has been hashed out on the mailing list a good bit. 
http://lists.samba.org/archive/samba/2005-October/112456.html

Comment 2 Carlos Santiviago (dead mail address) 2005-11-21 02:54:42 UTC

from auth_sam.c, logon_hours_ok():
[...]
        hours = pdb_get_hours(sampass); [1]
[...]
        utctime = localtime(&smb_last_time.tv_sec); [2]
[...]

Since the hours are stored in GMT, there should be some function to convert the GMT stored[1] time to the server's local time, and after that, the [2] call makes sense.

Comment 3 Carlos Santiviago (dead mail address) 2005-11-22 10:02:48 UTC

More on this. I did some tests, and if the admin machine (the one who runs usrmgr) is in GMT (and the server isn't), looks like the time restriction works the way it should.

Comment 4 Jim McDonough 2005-11-23 15:09:28 UTC

switched it to gmtime() instead of localtime() and now it is working for me.  Please verify the checkin (rev 11886 in svn).

Comment 5 David Wilson 2006-04-08 09:01:18 UTC

(In reply to comment #4)
> switched it to gmtime() instead of localtime() and now it is working for me. 
> Please verify the checkin (rev 11886 in svn).
> 

Hi Jim. I still haven't tested this. Do you know if this fix was ever implemented ?

Comment 6 Jim McDonough 2006-04-08 10:48:43 UTC

Yah, that's what the revision number above is about...when it was checked in...so it should be there.

Comment 7 David Wilson 2006-04-10 01:07:32 UTC

Thanks Jim.
I will try the latest SerNET packages for SLES 9 and see if it's sorted.