samba mysql 认证_Samba authentication through PAM with MySQL

Ed. note: Randall actually wrote this article back in November, but I've only just put

it on the site today.

Note: this assumes you have Samba, mySQL and pam_mysql

already installed and running on FreeBSD 4.0 or

greater The following describes how to setup Samba, PAM, and mySQL such that Samba users

are authenticated through MySQL using PAM.

You can obtain pam_mysql from the link above, or you can install it from the ports: /usr/ports/security/pam-mysql.

Step 1: Configure MySQL

The following inserts the root user and a sample user both with a password of

"secretpw". The password encryption is done via MySQL's ENCRYPT function. insert

the following SQL:

CREATE DATABASE samba_auth;

CREATE TABLE users (

uid int(6) NOT NULL auto_increment,

gid int(6) DEFAULT '0' NOT NULL,

last_name varchar(80) NOT NULL,

first_name varchar(80) NOT NULL,

login varchar(16) NOT NULL,

date datetime DEFAULT '0000-00-00 00:00:00' NOT NULL,

password varchar(16) NOT NULL,

PRIMARY KEY (uid),

KEY uid (uid),

UNIQUE uid_2 (uid)

);

INSERT INTO users VALUES (

'0', '0', 'account', 'root', 'root',

'NOW()', ENCRYPT('secretpw')

);

INSERT INTO users VALUES (

'1', '1', 'account', 'sample', 'sample',

'NOW()', ENCRYPT('secretpw')

);

Step 2: Configure PAM

pam_mysql has the following configuration options available:(options in parentheses

are defaults) user(nobody) -- The user with access to the open the connection to mysql and has

permission to read the table with the passwords.

passwd("") -- Password for the same.

host(localhost) -- Machine that is running the sql server

db(mysql) -- database that contents the table with the user/password combos

table(user) -- table that you want to use for the user/password checking

usercolumn(User) -- column that has the username field

passwdcolumn(password) -- column that has the password field

crypt(0) -- Used to decide to use MySQL's PASSWORD() function or crypt()

0 = No encryption. Passwords in database in plaintext. NOT recommended!

1 = Use crypt

2 = Use MySQL PASSWORD() function

Append the following to your /etc/pam.conf file

samba auth required pam_mysql.so user=root passwd=secretpw

-> db=samba_auth table=users usercolumn=login crypt=1

samba account required pam_mysql.so user=root passwd=secretpw

-> db=samba_auth table=users usercolumn=login crypt=1

samba password required pam_mysql.so user=root passwd=secretpw

-> db=samba_auth table=users usercolumn=login crypt=1

samba session required pam_mysql.so user=root passwd=secretpw

-> db=samba_auth table=users usercolumn=login crypt=1

Step 3: Configure Samba

the following is a sample smb.conf file # Samba config file

# Date: 2000/11/13 12:31:50

# Global parameters

[global]

workgroup = WORKGROUP-NAME

server string = samba file services at WORKGROUP-NAME

security = USER

#must be set to 'no' to use PAM

encrypt passwords = No

update encrypted = No

allow trusted domains = Yes

min password length = 6

null passwords = No

revalidate = No

[homes]

valid users = sample

writeable = Yes

[www]

path = /www

valid users = sample

force group = http

writeable = Yes

[public]

path = /samba/public

valid users = sample

writeable = Yes

guest ok = No

Step 4: Test

Make sure MySQL and Samba are running. If Samba was running before restart it. Create

a unix user called "sample" and login to that account. Use smbclient to test by

doing the following: % smbclient \\\\localhost\\sample

smbclient will then ask for a password, use 'secretpw', or whatever you made the

password, then see if it works. You should be able to do an 'ls', 'mkdir', or 'cd' when

you are in smbclient. You should also test this out on a Windows machine to make sure it

works. If you aren't using Windows NT or 2000 make sure you 'log-in' to the machine as

'sample'.