LinuxQuestions.org


Enrikoala 02-15-2009 12:09 PM

Samba, PAM and MySql auth
 
Hi to all again, this is my second problem.
I've installed a Linux Ubuntu Server in my company and I've stored in separate folders the files of my employees who, of course, don't have a user on that machine.
The list of the users is in a MySql folder and the passwords are encrypted with the PASSWORD() option of mysql.
I've activated with success the ftp service using PAM authentication and I would like to do the same with samba.
I've tried for one month, reading a lot of HowTos, posts, linux-guru, etc., but I'm still having the same result: no way!
My goal is to share all the folders, but I want every user to be able to log in only to his personal folder.
I'm really stressed about that! :-)
Could anyone help me please with some working examples?
Thanks anyway for your interest. Enrico

jschiwal 02-15-2009 02:20 PM

How many users is this for? How do they authenticate now? There is a mysqlsam backend mentioned in "Samba-3 Official HOWTO & Reference Guide" but no further information on it that I could find in the book. I'd recommend that book and "Samba-3 by Example". They are available in the book stores, or you can download the PDFs from the Samba website. Also, most distros have a `samba-doc' package that has these two books.

I don't think you are approaching this the correct way. There are different password backends for samba. They contain more information than the username and encrypted password. You can use the smbpasswd command to add users & passwords. There is also a tdbsam database which you might want to use for over 20 users. Or you can use ldap or AD to handle authentication. The two books I mentioned have step by step instructions, including setting up the directories to share, and their permissions.

A samba user needs to be a Linux user as well. A user will have a UID on Linux as well. That is what the Linux permission system is based on.

Take a look at these two share definitions:
Code:

[profiles]
        comment = Network Profiles Service
        path = %H
        read only = No
        store dos attributes = Yes
        create mask = 0600
        directory mask = 0700
[users]
        comment = All users
        path = /home
        read only = No
        inherit acls = Yes
        veto files = /aquota.user/groups/shares/

The profile share will show up as profiles in explorer. When a user clicks on it, they will need to authenticate if they haven't started a session. When they do, they will see their own share. The other users' shares don't even show up.

The `users' share will show up as `users' in explorer. When a user opens it, they will see a share by all of the users and will need to locate their own share and open it. Access to the other shares depends on the permissions of each user's home directory.

Enrikoala 02-17-2009 03:55 PM

Quote:

Originally Posted by jschiwal (Post 3444524)
How many users is this for?

Right now it is for 5/8 people, just my employees.

Quote:

Originally Posted by jschiwal (Post 3444524)
How do they authenticate now?

They don't authenticate. I would like them to do it when they try to access their folder on the server.


Quote:

Originally Posted by jschiwal (Post 3444524)
There is a mysqlsam backend mentioned in "Samba-3 Official HOWTO & Reference Guide" but no further information on it that I could find in the book. I'd recommend that book and "Samba-3 by Example". They are available in the book stores, or you can download the PDFs from the Samba website. Also, most distros have a `samba-doc' package that has these two books.
I don't think you are approaching this the correct way. There are different password backends for samba. They contain more information than the username and encrypted password. You can use the smbpasswd command to add users & passwords. There is also a tdbsam database which you might want to use for over 20 users. Or you can use ldap or AD to handle authentication. The two books I mentioned have step by step instructions, including setting up the directories to share, and their permissions.

I would use the mysql archive of usernames and passwords because I'm using it for a lot of other procedures like FTP access, internal website access, working hour count, etc.

Quote:

Originally Posted by jschiwal (Post 3444524)
A samba user needs to be a Linux user as well. A user will have a UID on Linux as well. That is what the Linux permission system is based on.

And that is what I really don't want. My users don't have to be server users but just authenticate from a database.
I have a NAS from Buffalo Technology that does exactly that. I've searched the specifications and I've seen that it uses Linux inside for authentication. I can use it as FTP and as Samba with just one declaration of user and password. So I would like to recreate the same condition on my Ubuntu server.

Quote:

Originally Posted by jschiwal (Post 3444524)
Take a look at these two share definitions:
Code:

[profiles]
        comment = Network Profiles Service
        path = %H
        read only = No
        store dos attributes = Yes
        create mask = 0600
        directory mask = 0700
[users]
        comment = All users
        path = /home
        read only = No
        inherit acls = Yes
        veto files = /aquota.user/groups/shares/

The profile share will show up as profiles in explorer. When a user clicks on it, they will need to authenticate if they haven't started a session. When they do, they will see their own share. The other users' shares don't even show up.

The `users' share will show up as `users' in explorer. When a user opens it, they will see a share by all of the users and will need to locate their own share and open it. Access to the other shares depends on the permissions of each user's home directory.

And this is exactly what I want, but how can I tell the server to authenticate the user from a users list stored in a mysql database?

This is my actual samba.conf file, if it could be useful (now I've shared all the folders but that situation doesn't make me really happy).

Code:

[global]
        netbios name = Server
        server string = Server Next
        workgroup = NEXT
        log level = 1
        max log size = 10000
        socket options = TCP_NODELAY IPTOS_LOWDELAY
        guest ok = yes
        hosts allow = 192.168.1. 127. localhost
        create mask = 777
        directory mask = 777
        force user = vsftpd
        force group = nogroup
        security = share

[user1.name]
        browseable = yes
        read only = no
        path = /home/user1.name
        comment = Cartella PRIVATA di user1.name
        writeable = yes

[user2.name]
        browseable = yes
        read only = no
        path = /home/user2.name
        comment = Cartella PRIVATA di user2.name
        writeable = yes

[user3.name]
        browseable = yes
        read only = no
        path = /home/user3.name
        comment = Cartella PRIVATA di user3.name
        writeable = yes

[user4.name]
        browseable = yes
        read only = no
        path = /home/user4.name
        comment = Cartella PRIVATA di user4.name
        writeable = yes

[user5.name]
        browseable = yes
        read only = no
        path = /home/user5.name
        comment = Cartella PRIVATA di user5.name

Thanks anyway for your interest. :-)

Enrico

tiekookeit 10-08-2010 07:29 AM

why don't u do that

[user]
browseable = yes
read only = no
path = /home/%u
comment = Cartella PRIVATA di %u

U can use the username stored in the %u variable to set
the right path of the share for each logged-in user
using only one share declaration.

I stopped by here by chance!

Good Luck!
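
As an added example, not part of any post in this thread: the `[global]` settings from the posted smb.conf that switch authentication off, set beside a per-user alternative built on the smbpasswd/tdbsam route jschiwal describes. It assumes Samba 3.x, one Unix account per employee with home directory `/home/<username>`, and SMB passwords added with `smbpasswd -a`; the `[homes]` section and `valid users = %S` are standard Samba features that the thread does not mention.

```ini
# Added example (not from the thread). Assumptions: Samba 3.x, one Unix
# account per employee with home directory /home/<username>, and an SMB
# password created for each of them with: smbpasswd -a <username>
# The Unix accounts need no login shell; Samba only needs their UID.

[global]
        netbios name = Server
        server string = Server Next
        workgroup = NEXT
        hosts allow = 192.168.1. 127. localhost

        # Posted config: security = share together with guest ok = yes,
        # so nobody is asked for a password. Require a username and
        # password for every connection instead.
        security = user
        passdb backend = tdbsam
        map to guest = Never

        # With encrypted SMB passwords (the Samba 3 default) Samba does
        # not ask PAM to check the password, so the PAM setup that works
        # for FTP is not consulted for SMB logins. The password has to
        # exist in the passdb backend configured above.

        # Posted config: force user = vsftpd, force group = nogroup and
        # create mask = 777 make every file belong to one account and
        # leave it world-writable. Leave force user unset here so files
        # are owned by the user who connected.

[homes]
        comment = Private folder of %S
        browseable = no
        read only = no
        # For [homes] the share name (%S) is the username, so only the
        # owner can connect to \\Server\<username>.
        valid users = %S
        # Same masks as the [profiles] share in jschiwal's post.
        create mask = 0600
        directory mask = 0700
```

Running `testparm` against the file checks the syntax and prints the settings that are actually in effect before smbd is restarted.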


All times are GMT -5.