1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
5 >Passdb MySQL plugin</TITLE
8 CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
10 TITLE="SAMBA Project Documentation"
11 HREF="samba-howto-collection.html"><LINK
13 TITLE="Optional configuration"
14 HREF="optional.html"><LINK
16 TITLE="Unified Logons between Windows NT and UNIX using Winbind"
17 HREF="winbind.html"><LINK
19 TITLE="Passdb XML plugin"
20 HREF="pdb-xml.html"></HEAD
31 SUMMARY="Header navigation table"
40 >SAMBA Project Documentation</TH
77 >Chapter 16. Passdb MySQL plugin</H1
87 >To build the plugin, run <B
89 >make bin/pdb_mysql.so</B
94 > directory of samba distribution. </P
96 >Next, copy pdb_mysql.so to any location you want. I
97 strongly recommend installing it in $PREFIX/lib or /usr/lib/samba/</P
106 >16.2. Creating the database</H1
108 >You either can set up your own table and specify the field names to pdb_mysql (see below
109 for the column names) or use the default table. The file <TT
111 >examples/pdb/mysql/mysql.dump</TT
113 contains the correct queries to create the required tables. Use the command :
139 >/path/to/samba/examples/pdb/mysql/mysql.dump</TT
150 >16.3. Configuring</H1
152 >This plugin lacks some good documentation, but here is some short info:</P
154 >Add a the following to the <B
157 > variable in your <TT
162 CLASS="PROGRAMLISTING"
163 >passdb backend = [other-plugins] plugin:/location/to/pdb_mysql.so:identifier [other-plugins]</PRE
166 >The identifier can be any string you like, as long as it doesn't collide with
167 the identifiers of other plugins or other instances of pdb_mysql. If you
168 specify multiple pdb_mysql.so entries in 'passdb backend', you also need to
169 use different identifiers!</P
171 >Additional options can be given thru the smb.conf file in the [global] section.</P
174 CLASS="PROGRAMLISTING"
175 >identifier:mysql host - host name, defaults to 'localhost'
176 identifier:mysql password
177 identifier:mysql user - defaults to 'samba'
178 identifier:mysql database - defaults to 'samba'
179 identifier:mysql port - defaults to 3306
180 identifier:table - Name of the table containing users</PRE
187 >WARNING: since the password for the mysql user is stored in the
188 smb.conf file, you should make the the smb.conf file
189 readable only to the user that runs samba. This is considered a security
190 bug and will be fixed soon.</I
194 >Names of the columns in this table(I've added column types those columns should have first):</P
197 CLASS="PROGRAMLISTING"
198 >identifier:logon time column - int(9)
199 identifier:logoff time column - int(9)
200 identifier:kickoff time column - int(9)
201 identifier:pass last set time column - int(9)
202 identifier:pass can change time column - int(9)
203 identifier:pass must change time column - int(9)
204 identifier:username column - varchar(255) - unix username
205 identifier:domain column - varchar(255) - NT domain user is part of
206 identifier:nt username column - varchar(255) - NT username
207 identifier:fullname column - varchar(255) - Full name of user
208 identifier:home dir column - varchar(255) - Unix homedir path
209 identifier:dir drive column - varchar(2) - Directory drive path (eg: 'H:')
210 identifier:logon script column - varchar(255) - Batch file to run on client side when logging on
211 identifier:profile path column - varchar(255) - Path of profile
212 identifier:acct desc column - varchar(255) - Some ASCII NT user data
213 identifier:workstations column - varchar(255) - Workstations user can logon to (or NULL for all)
214 identifier:unknown string column - varchar(255) - unknown string
215 identifier:munged dial column - varchar(255) - ?
216 identifier:uid column - int(9) - Unix user ID (uid)
217 identifier:gid column - int(9) - Unix user group (gid)
218 identifier:user sid column - varchar(255) - NT user SID
219 identifier:group sid column - varchar(255) - NT group ID
220 identifier:lanman pass column - varchar(255) - encrypted lanman password
221 identifier:nt pass column - varchar(255) - encrypted nt passwd
222 identifier:plain pass column - varchar(255) - plaintext password
223 identifier:acct control column - int(9) - nt user data
224 identifier:unknown 3 column - int(9) - unknown
225 identifier:logon divs column - int(9) - ?
226 identifier:hours len column - int(9) - ?
227 identifier:unknown 5 column - int(9) - unknown
228 identifier:unknown 6 column - int(9) - unknown</PRE
231 >Eventually, you can put a colon (:) after the name of each column, which
232 should specify the column to update when updating the table. You can also
233 specify nothing behind the colon - then the data from the field will not be
243 >16.4. Using plaintext passwords or encrypted password</H1
245 >I strongly discourage the use of plaintext passwords, however, you can use them:</P
247 >If you would like to use plaintext passwords, set 'identifier:lanman pass column' and 'identifier:nt pass column' to 'NULL' (without the quotes) and 'identifier:plain pass column' to the name of the column containing the plaintext passwords. </P
249 >If you use encrypted passwords, set the 'identifier:plain pass column' to 'NULL' (without the quotes). This is the default.</P
258 >16.5. Getting non-column data from the table</H1
260 >It is possible to have not all data in the database and making some 'constant'.</P
262 >For example, you can set 'identifier:fullname column' to :
265 >CONCAT(First_name,' ',Sur_name)</B
268 >Or, set 'identifier:workstations column' to :
274 >See the MySQL documentation for more language constructs.</P
282 SUMMARY="Footer navigation table"
302 HREF="samba-howto-collection.html"
321 >Unified Logons between Windows NT and UNIX using Winbind</TD
335 >Passdb XML plugin</TD