Samba, PAM and MySql auth - LinuxQuestions.org

LinuxQuestions.org

Register a domain and help support LQ

Mark Forums Read

		LinuxQuestions.org > Forums > Linux > Linux - Software
Samba, PAM and MySql auth

Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Welcome to LinuxQuestions.org, a friendly and active Linux Community.

You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!

Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.

Are you new to LinuxQuestions.org? Visit the following links:
Site Howto | Site FAQ | Sitemap | Register Now

If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.

Tags used in this thread
Popular LQ Tags	authentication, mysql, pam, samba

Reply

Old

02-15-2009, 01:09 PM

#1

Enrikoala

LQ Newbie

Registered: Feb 2009

Location: Genova

Posts: 6

Thanked: 0

Unhappy

Samba, PAM and MySql auth

[Log in to get rid of this advertisement]

Hi to all again, this is my second problem.
I've installed a Linux Ubuntu Server in my company and I've stored in separate folders the files of my emplojees that, of course, don't have a user in that machine.
The list of the users are in a MySql folder and the password are crypted with the PASSWORD() option of mysql.
I've activated with success the ftp service using PAM authentication and I would like do the same with samba.
I've tryed one month reading a lot of HowTo, posts, linux-guru, etc. but I'm still having the same result: no way!
My goal will be to share all the folders but I want every user could log only in his personal folder.
I'm really stressed about that! :-)
Could anyone help me please with some working examples?
Thanks anyway for interesting. Enrico

Enrikoala is offline

Tag This Post

authentication, mysql, pam, samba

Reply With Quote

02-15-2009, 03:20 PM		#2
jschiwal Moderator Registered: Aug 2001 Location: Fargo, ND Distribution: SuSE AMD64 Posts: 12,877 Thanked: 232	How many users is this for? How do they authenticate now? There is a mysqlsam backend mentioned in "Samba-3 Official HOWTO & Reference Guide" but no further information on it that I could find in the book. I'd recommend that book and "Samba-3 by Example". They are available in the book stores, or you can download the pdfs from the Samba website. Also, most distro's have a `samba-doc' package that has these two books. I don't think you are approaching this the correct way. There are different password backends for samba. They contain more information than the the username and encrypted password. You can use the smbpasswd command to add users & passwords. There is also a tdbsam database which you might want to use for over 20 users. Or you can use ldap or AD to handle authentication. The two books I mentioned have step by step instructions, including setting up the directories to share, and their permissions. A samba user needs to be a Linux user as well. A user will have a UID on Linux as well. That is what the Linux permission system is based on. Take a look at these two share definitions: Code: [profiles] comment = Network Profiles Service path = %H read only = No store dos attributes = Yes create mask = 0600 directory mask = 0700 [users] comment = All users path = /home read only = No inherit acls = Yes veto files = /aquota.user/groups/shares/ The profile share will show up as profiles in explorer. When a user clicks on it, they will need to authenticate if they haven't started a session. When they do, they will see their own share. The other users shares don't even show up. The `users' share will show up as `users' in explorer. When a user opens it, they will see a share by all of the users and will need to locate their own share and open it. Access to the other shares depends on the permissions of each users home directory.

Old

02-17-2009, 04:55 PM

#3

Enrikoala

LQ Newbie

Registered: Feb 2009

Location: Genova

Posts: 6

Thanked: 0

Original Poster

Wink

Quote:

Originally Posted by jschiwal

View Post

How many users is this for?

Right now is for 5/8 people, just my emplojees.

Quote:

Originally Posted by jschiwal

View Post

How do they authenticate now?

They don't authenticate. I would they do it when they will be trying to access to their folder on the server.

Quote:

Originally Posted by jschiwal

View Post

There is a mysqlsam backend mentioned in "Samba-3 Official HOWTO & Reference Guide" but no further information on it that I could find in the book. I'd recommend that book and "Samba-3 by Example". They are available in the book stores, or you can download the pdfs from the Samba website. Also, most distro's have a `samba-doc' package that has these two books.
I don't think you are approaching this the correct way. There are different password backends for samba. They contain more information than the the username and encrypted password. You can use the smbpasswd command to add users & passwords. There is also a tdbsam database which you might want to use for over 20 users. Or you can use ldap or AD to handle authentication. The two books I mentioned have step by step instructions, including setting up the directories to share, and their permissions.

I would use the mysql archive of usernames and password because I'm using that for a lot of other procedures like FTP access, internal website access, working hour count, etc.

Quote:

Originally Posted by jschiwal

View Post

A samba user needs to be a Linux user as well. A user will have a UID on Linux as well. That is what the Linux permission system is based on.

And that is what I really don't want. My users don't have to be server users but just authenticate from a database.
I have a NAS of Buffalo Technology that does exactly that. I've searched the specifications and I've seen that it uses linux inside for authentications. I can use it as FTP and as Samba with just one declaration of user and passw. So I would to recreate the same condition on mu ubuntu server.

Quote:

Originally Posted by jschiwal

View Post

Take a look at these two share definitions:

Code:

[profiles]
        comment = Network Profiles Service
        path = %H
        read only = No
        store dos attributes = Yes
        create mask = 0600
        directory mask = 0700
[users]
        comment = All users
        path = /home
        read only = No
        inherit acls = Yes
        veto files = /aquota.user/groups/shares/

The profile share will show up as profiles in explorer. When a user clicks on it, they will need to authenticate if they haven't started a session. When they do, they will see their own share. The other users shares don't even show up.

The `users' share will show up as `users' in explorer. When a user opens it, they will see a share by all of the users and will need to locate their own share and open it. Access to the other shares depends on the permissions of each users home directory.

And this is exactly what I want but how can I say to the server to authenticate the user from a users list stored in a mysql database?

This is my actually samba.conf file if could be useful (now I've shared all the folders but that situation doesn't make me really happy)..

Code:

[global]
        netbios name = Server
        server string = Server Next
        workgroup = NEXT
        log level = 1
        max log size = 10000
        socket options = TCP_NODELAY IPTOS_LOWDELAY
        guest ok = yes
        hosts allow = 192.168.1. 127. localhost
        create mask = 777
        directory mask = 777
        force user = vsftpd
        force group = nogroup
        security = share

[user1.name]
        browseable = yes
        read only = no
        path = /home/user1.name
        comment = Cartella PRIVATA di user1.name
        writeable = yes

[user2.name]
        browseable = yes
        read only = no
        path = /home/user2.name
        comment = Cartella PRIVATA di user2.name
        writeable = yes

[user3.name]
        browseable = yes
        read only = no
        path = /home/user3.name
        comment = Cartella PRIVATA di user3.name
        writeable = yes

[user4.name]
        browseable = yes
        read only = no
        path = /home/user4.name
        comment = Cartella PRIVATA di user4.name
        writeable = yes

[user5.name]
        browseable = yes
        read only = no
        path = /home/user5.name
        comment = Cartella PRIVATA di user5.name

Thanks anyway for interesting.. :-)

Enrico

Enrikoala is offline

Reply With Quote

Reply

Bookmarks

Thread Tools
Show Printable Version Email this Page

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is Off HTML code is Off Forum Rules

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
pam settings system-auth	sachinh	Linux - General	3	03-21-2008 01:07 AM
Samba authentication through PAM with MySQL Problem	limty	Linux - Server	2	12-31-2007 08:54 AM
Pam-auth issues after Samba/Winbind config	buddyj57	Red Hat	1	09-26-2006 06:48 PM
Qpopper not getting email (using PAM/Samba Winbind Auth)	Josh_T_2	Linux - Networking	8	12-19-2003 01:52 PM
Need help w/Samba & PAM Auth	DocJones	Linux - Software	3	05-14-2003 09:42 AM

All times are GMT -5. The time now is 12:17 PM.

Main Menu

My LQ

Write for LQ

LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.

Main Menu

Syndicate

Latest Threads

LQ News

LQ Podcast

LQ Radio

Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions

Open Source Consulting | Domain Registration