HOWTO Samba with Mysql
From Gentoo Linux Wiki
| Installation • Kernel & Hardware • Networks • Portage • Software • System • X Server • Gaming • Non-x86 • Emulators • Misc |
Contents |
[edit] Introduction
This page is still a work in progress. This document is intended to aid in the installation of a Samba setup that authenticates via MySQL database.
[edit] What do I emerge?
The use flag you should be looking for is +mysql on the samba package.
| Code: #emerge -av mysql samba |
These are the packages that I would merge, in order: Calculating dependencies ...done! [ebuild N ] dev-db/mysql-4.1.14 +berkdb -big-tables -cluster -debug -doc -extraengine -geometry -minimal +perl +readline (-selinux) +ssl -static +tcpd -utf8 0 kB [ebuild N ] perl-core/Storable-2.13 131 kB [ebuild N ] dev-perl/Net-Daemon-0.38 30 kB [ebuild N ] dev-perl/PlRPC-0.2016-r1 17 kB [ebuild N ] dev-perl/DBI-1.46 363 kB [ebuild N ] dev-perl/DBD-mysql-2.9007 114 kB [ebuild N ] net-fs/samba-3.0.14a-r2 -acl +cups -doc -examples -kerberos -ldap -libclamav +mysql* -oav -pam -postgres +python -quotas +readline (-selinux) -winbind -xml +xml2 0 kB Total size of downloads: 668 kB Do you want me to merge these packages? [Yes/No] |
Be sure to run etc-update after the programs are installed.
[edit] Configuring MySQL
MySQL will need to be initially set up. See HOWTO_MySQL for more information on installing MySQL.
| Code: #mysql_install_db |
Installing all prepared tables Fill help tables To start mysqld at boot time you have to copy support-files/mysql.server to the right place for your system PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER ! To do so, start the server, then issue the following commands: /usr/bin/mysqladmin -u root password 'new-password' /usr/bin/mysqladmin -u root -h plum password 'new-password' See the manual for more instructions. You can start the MySQL daemon with: cd /usr ; /usr/bin/mysqld_safe & You can test the MySQL daemon with the benchmarks in the 'sql-bench' directory: cd sql-bench ; perl run-all-tests Please report any problems with the /usr/bin/mysqlbug script! The latest information about MySQL is available on the web at http://www.mysql.com Support MySQL by buying support/licenses at https://order.mysql.com |
You should also then run /etc/init.d/mysql start:
| Code: #/etc/init.d/mysql start |
* Starting mysqld (/etc/mysql/my.cnf) ... [ ok ] |
Below is the database schema you will need. The password encryption is done via MySQL's ENCRYPT function. insert the following SQL:
CREATE DATABASE samba_auth;
USE samba_auth;
CREATE TABLE user (
logon_time int(9),
logoff_time int(9),
kickoff_time int(9),
pass_last_set_time int(9),
pass_can_change_time int(9),
pass_must_change_time int(9),
username varchar(255),
domain varchar(255),
nt_username varchar(255),
nt_fullname varchar(255),
home_dir varchar(255),
dir_drive varchar(4),
logon_script varchar(255),
profile_path varchar(255),
acct_desc varchar(255),
workstations varchar(255),
unknown_str varchar(255),
munged_dial varchar(255),
uid int(9) NOT NULL PRIMARY KEY auto_increment,
gid int(9),
user_sid varchar(255),
group_sid varchar(255),
lm_pw varchar(255),
nt_pw varchar(255),
acct_ctrl int(9),
unknown_3 int(9),
logon_divs int(9),
hours_len int(9),
unknown_5 int(9),
unknown_6 int(9) default "1260",
bad_password_count int(9),
logon_count int(9),
logon_hours varchar(255)
);
[edit] Configure Samba
Your /etc/samba/smb.conf file should be edited to look something like the following.
[global]
passdb backend = mysql:foo
foo:domain column = 'LOCALDOMAIN':
server string = samba file services at WORKGROUP-NAME
security = USER
encrypt passwords = No
update encrypted = No
allow trusted domains = Yes
min password length = 6
null passwords = No
foo:mysql host = localhost # can be changed to remote host
foo:mysql password = sambapass
foo:mysql user = samba
foo:mysql database = samba_auth
foo:mysql port = 3306
foo:table = user
revalidate = No
[homes]
writeable = Yes
[www]
path = /www
valid users = penguin
force group = http
writeable = Yes
[public]
path = /samba/public
valid users = penguin
writeable = Yes
guest ok = No
In some cases, for whatever reason, 'encrypt passwords' must be set to yes in order to allow the connection. If it is not, the error NT_STATUS_LOGON_FAILURE may be encountered.
[edit] Adding Users
With MySQL and Samba running, execute:root# adduser penguin root# pdbedit -a penguin new password: somepassword retype new password: somepassword
'penguin' is the username to be created with the password 'somepassword'
[edit] Test
Make sure MySQL and Samba are running. If Samba was running before restart it. Create a unix user called "penguin" and login to that account. Use smbclient to test by doing the following.
| Code: Test using smbclient |
# smbclient \\\\localhost\\penguin |
smbclient will then ask for a password, use 'secretpw', or whatever you made the password, then see if it works. You should be able to do an 'ls', 'mkdir', or 'cd' when you are in smbclient. You should also test this out on a Windows machine to make sure it works. If you aren't using Windows NT or 2000 make sure you 'log-in' to the machine as 'penguin'.
[edit] References
http://us5.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#id2562246
