1 <chapter id="pdb-mysql">
4 <firstname>Jelmer</firstname><surname>Vernooij</surname>
6 <orgname>The Samba Team</orgname>
7 <address><email>jelmer@samba.org</email></address>
10 <pubdate>November 2002</pubdate>
13 <title>Passdb MySQL plugin</title>
16 <title>Building</title>
18 <para>To build the plugin, run <command>make bin/pdb_mysql.so</command>
19 in the <filename>source/</filename> directory of samba distribution.
22 <para>Next, copy pdb_mysql.so to any location you want. I
23 strongly recommend installing it in $PREFIX/lib or /usr/lib/samba/</para>
28 <title>Configuring</title>
30 <para>This plugin lacks some good documentation, but here is some short info:</para>
32 <para>Add a the following to the <command>passdb backend</command> variable in your <filename>smb.conf</filename>:
34 passdb backend = [other-plugins] plugin:/location/to/pdb_mysql.so:identifier [other-plugins]
38 <para>The identifier can be any string you like, as long as it doesn't collide with
39 the identifiers of other plugins or other instances of pdb_mysql. If you
40 specify multiple pdb_mysql.so entries in 'passdb backend', you also need to
41 use different identifiers!
45 Additional options can be given thru the smb.conf file in the [global] section.
48 <para><programlisting>
49 identifier:mysql host - host name, defaults to 'localhost'
50 identifier:mysql password
51 identifier:mysql user - defaults to 'samba'
52 identifier:mysql database - defaults to 'samba'
53 identifier:mysql port - defaults to 3306
54 identifier:table - Name of the table containing users
55 </programlisting></para>
59 WARNING: since the password for the mysql user is stored in the
60 smb.conf file, you should make the the smb.conf file
61 readable only to the user that runs samba. This is considered a security
62 bug and will be fixed soon.</emphasis>
65 <para>Names of the columns in this table(I've added column types those columns should have first):</para>
67 <para><programlisting>
68 identifier:logon time column - int(9)
69 identifier:logoff time column - int(9)
70 identifier:kickoff time column - int(9)
71 identifier:pass last set time column - int(9)
72 identifier:pass can change time column - int(9)
73 identifier:pass must change time column - int(9)
74 identifier:username column - varchar(255) - unix username
75 identifier:domain column - varchar(255) - NT domain user is part of
76 identifier:nt username column - varchar(255) - NT username
77 identifier:fullname column - varchar(255) - Full name of user
78 identifier:home dir column - varchar(255) - Unix homedir path
79 identifier:dir drive column - varchar(2) - Directory drive path (eg: 'H:')
80 identifier:logon script column - varchar(255) - Batch file to run on client side when logging on
81 identifier:profile path column - varchar(255) - Path of profile
82 identifier:acct desc column - varchar(255) - Some ASCII NT user data
83 identifier:workstations column - varchar(255) - Workstations user can logon to (or NULL for all)
84 identifier:unknown string column - varchar(255) - unknown string
85 identifier:munged dial column - varchar(255) - ?
86 identifier:uid column - int(9) - Unix user ID (uid)
87 identifier:gid column - int(9) - Unix user group (gid)
88 identifier:user sid column - varchar(255) - NT user SID
89 identifier:group sid column - varchar(255) - NT group ID
90 identifier:lanman pass column - varchar(255) - encrypted lanman password
91 identifier:nt pass column - varchar(255) - encrypted nt passwd
92 identifier:plain pass column - varchar(255) - plaintext password
93 identifier:acct control column - int(9) - nt user data
94 identifier:unknown 3 column - int(9) - unknown
95 identifier:logon divs column - int(9) - ?
96 identifier:hours len column - int(9) - ?
97 identifier:unknown 5 column - int(9) - unknown
98 identifier:unknown 6 column - int(9) - unknown
99 </programlisting></para>
102 Eventually, you can put a colon (:) after the name of each column, which
103 should specify the column to update when updating the table. You can also
104 specify nothing behind the colon - then the data from the field will not be
111 <title>Using plaintext passwords or encrypted password</title>
114 I strongly discourage the use of plaintext passwords, however, you can use them:
118 If you would like to use plaintext passwords, set 'identifier:lanman pass column' and 'identifier:nt pass column' to 'NULL' (without the quotes) and 'identifier:plain pass column' to the name of the column containing the plaintext passwords.
122 If you use encrypted passwords, set the 'identifier:plain pass column' to 'NULL' (without the quotes). This is the default.
128 <title>Getting non-column data from the table</title>
131 It is possible to have not all data in the database and making some 'constant'.
135 For example, you can set 'identifier:fullname column' to :
136 <command>CONCAT(First_name,' ',Sur_name)</command>
140 Or, set 'identifier:workstations column' to :
141 <command>NULL</command></para>
143 <para>See the MySQL documentation for more language constructs.</para>