LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 02-15-2009, 12:09 PM   #1
Enrikoala
LQ Newbie
 
Registered: Feb 2009
Location: Genova
Posts: 6

Rep: Reputation: 0
Unhappy Samba, PAM and MySql auth


Hi to all again, this is my second problem.
I've installed a Linux Ubuntu Server in my company and I've stored in separate folders the files of my emplojees that, of course, don't have a user in that machine.
The list of the users are in a MySql folder and the password are crypted with the PASSWORD() option of mysql.
I've activated with success the ftp service using PAM authentication and I would like do the same with samba.
I've tryed one month reading a lot of HowTo, posts, linux-guru, etc. but I'm still having the same result: no way!
My goal will be to share all the folders but I want every user could log only in his personal folder.
I'm really stressed about that! :-)
Could anyone help me please with some working examples?
Thanks anyway for interesting. Enrico
 
Old 02-15-2009, 02:20 PM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
How many users is this for? How do they authenticate now? There is a mysqlsam backend mentioned in "Samba-3 Official HOWTO & Reference Guide" but no further information on it that I could find in the book. I'd recommend that book and "Samba-3 by Example". They are available in the book stores, or you can download the pdfs from the Samba website. Also, most distro's have a `samba-doc' package that has these two books.

I don't think you are approaching this the correct way. There are different password backends for samba. They contain more information than the the username and encrypted password. You can use the smbpasswd command to add users & passwords. There is also a tdbsam database which you might want to use for over 20 users. Or you can use ldap or AD to handle authentication. The two books I mentioned have step by step instructions, including setting up the directories to share, and their permissions.

A samba user needs to be a Linux user as well. A user will have a UID on Linux as well. That is what the Linux permission system is based on.

Take a look at these two share definitions:
Code:
[profiles]
        comment = Network Profiles Service
        path = %H
        read only = No
        store dos attributes = Yes
        create mask = 0600
        directory mask = 0700
[users]
        comment = All users
        path = /home
        read only = No
        inherit acls = Yes
        veto files = /aquota.user/groups/shares/
The profile share will show up as profiles in explorer. When a user clicks on it, they will need to authenticate if they haven't started a session. When they do, they will see their own share. The other users shares don't even show up.

The `users' share will show up as `users' in explorer. When a user opens it, they will see a share by all of the users and will need to locate their own share and open it. Access to the other shares depends on the permissions of each users home directory.
 
Old 02-17-2009, 03:55 PM   #3
Enrikoala
LQ Newbie
 
Registered: Feb 2009
Location: Genova
Posts: 6

Original Poster
Rep: Reputation: 0
Wink

Quote:
Originally Posted by jschiwal View Post
How many users is this for?
Right now is for 5/8 people, just my emplojees.

Quote:
Originally Posted by jschiwal View Post
How do they authenticate now?
They don't authenticate. I would they do it when they will be trying to access to their folder on the server.


Quote:
Originally Posted by jschiwal View Post
There is a mysqlsam backend mentioned in "Samba-3 Official HOWTO & Reference Guide" but no further information on it that I could find in the book. I'd recommend that book and "Samba-3 by Example". They are available in the book stores, or you can download the pdfs from the Samba website. Also, most distro's have a `samba-doc' package that has these two books.
I don't think you are approaching this the correct way. There are different password backends for samba. They contain more information than the the username and encrypted password. You can use the smbpasswd command to add users & passwords. There is also a tdbsam database which you might want to use for over 20 users. Or you can use ldap or AD to handle authentication. The two books I mentioned have step by step instructions, including setting up the directories to share, and their permissions.
I would use the mysql archive of usernames and password because I'm using that for a lot of other procedures like FTP access, internal website access, working hour count, etc.

Quote:
Originally Posted by jschiwal View Post
A samba user needs to be a Linux user as well. A user will have a UID on Linux as well. That is what the Linux permission system is based on.
And that is what I really don't want. My users don't have to be server users but just authenticate from a database.
I have a NAS of Buffalo Technology that does exactly that. I've searched the specifications and I've seen that it uses linux inside for authentications. I can use it as FTP and as Samba with just one declaration of user and passw. So I would to recreate the same condition on mu ubuntu server.

Quote:
Originally Posted by jschiwal View Post
Take a look at these two share definitions:
Code:
[profiles]
        comment = Network Profiles Service
        path = %H
        read only = No
        store dos attributes = Yes
        create mask = 0600
        directory mask = 0700
[users]
        comment = All users
        path = /home
        read only = No
        inherit acls = Yes
        veto files = /aquota.user/groups/shares/
The profile share will show up as profiles in explorer. When a user clicks on it, they will need to authenticate if they haven't started a session. When they do, they will see their own share. The other users shares don't even show up.

The `users' share will show up as `users' in explorer. When a user opens it, they will see a share by all of the users and will need to locate their own share and open it. Access to the other shares depends on the permissions of each users home directory.
And this is exactly what I want but how can I say to the server to authenticate the user from a users list stored in a mysql database?

This is my actually samba.conf file if could be useful (now I've shared all the folders but that situation doesn't make me really happy)..

Code:
[global]
        netbios name = Server
        server string = Server Next
        workgroup = NEXT
        log level = 1
        max log size = 10000
        socket options = TCP_NODELAY IPTOS_LOWDELAY
        guest ok = yes
        hosts allow = 192.168.1. 127. localhost
        create mask = 777
        directory mask = 777
        force user = vsftpd
        force group = nogroup
        security = share

[user1.name]
        browseable = yes
        read only = no
        path = /home/user1.name
        comment = Cartella PRIVATA di user1.name
        writeable = yes

[user2.name]
        browseable = yes
        read only = no
        path = /home/user2.name
        comment = Cartella PRIVATA di user2.name
        writeable = yes

[user3.name]
        browseable = yes
        read only = no
        path = /home/user3.name
        comment = Cartella PRIVATA di user3.name
        writeable = yes

[user4.name]
        browseable = yes
        read only = no
        path = /home/user4.name
        comment = Cartella PRIVATA di user4.name
        writeable = yes

[user5.name]
        browseable = yes
        read only = no
        path = /home/user5.name
        comment = Cartella PRIVATA di user5.name
Thanks anyway for interesting.. :-)

Enrico
 
Old 10-08-2010, 07:29 AM   #4
tiekookeit
LQ Newbie
 
Registered: Jan 2009
Location: Brazil
Distribution: debian
Posts: 16

Rep: Reputation: 1
why dont u do that

[user]
browseable = yes
read only = no
path = /home/%u
comment = Cartella PRIVATA di %u

U can use the username stored in the %u variable so set
the right path of the share for each logged user
using only on share declaration.

I stopped by here by chance!

Good Luck!
 
  


Reply

Tags
authentication, mysql, pam, samba


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
pam settings system-auth sachinh Linux - General 3 03-21-2008 12:07 AM
Samba authentication through PAM with MySQL Problem limty Linux - Server 2 12-31-2007 07:54 AM
Pam-auth issues after Samba/Winbind config buddyj57 Red Hat 1 09-26-2006 05:48 PM
Qpopper not getting email (using PAM/Samba Winbind Auth) Josh_T_2 Linux - Networking 8 12-19-2003 12:52 PM
Need help w/Samba & PAM Auth DocJones Linux - Software 3 05-14-2003 08:42 AM


All times are GMT -5. The time now is 06:57 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration