On Fri, Mar 03, 2000 at 02:56:22PM +1100, Mark Atalla wrote:
> I am sending this again in the desperate hope that someone has even a
> hint as to how I might so this. I have searched everywhere trying to
> find this out but have come up with zip. I know that this is all
> done by peoples kindness and so if any could help I would greatly
> appreciate it.
>
> thanks again
> mark.
>
> >>>Thanks to everyone's help I have managed to get smb_auth going
> >>>against an NT machine.
>
> >>>I need to restrict some users by one set of time restrictions and
> >>>allow other users different time restrictions. I can do this if I
> >>>cross reference it by IP address as well but I really would like
> >>>to do this by their username.
I haven't tried to use these sorts of auth features, but the general
principle for how these work is like this:
If you want to enable [feature] for those matching [rule1] AND [rule2]
OR [rule3] and [rule4] you express it like this:
acl [aclname1] [rule1] ...
acl [aclname2] [rule2] ...
acl [aclname3] [rule3] ...
acl [aclname4] [rule4] ...
[feature] allow [aclname1] [aclname2]
[feature] allow [aclname3] [aclname4]
etc.
So assuming you can figure out how to get some users authenticated into
group 1, and others into group 2, and assuming that there *is* a way to
split the authorized users into two groups, this might look like:
acl someusers [rule to match users]
acl otherusers [rule to match users]
acl sometimes MTWHF 9:00-18:00 # Assuming those are the relevant times
acl othertimes MTWHF 18:00-23:59 # Weekday evenings only
http_access allow someusers sometimes
http_access allow otherusers othertimes
...
Hope this helps you get started,
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr@lava.net
The named which can be named is not the Eternal named.
Received on Thu Mar 02 2000 - 21:13:48 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:51:53 MST