<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
>Passdb MySQL plugin</TITLE
NAME="PDB-MYSQL">Chapter 16. Passdb MySQL plugin</H1
NAME="AEN2566">16.1. Building</H1
>To build the plugin, run <B
>make bin/pdb_mysql.so</B
> directory of samba distribution. </P
>Next, copy pdb_mysql.so to any location you want. I
strongly recommend installing it in $PREFIX/lib or /usr/lib/samba/</P
NAME="AEN2572">16.2. Configuring</H1
>This plugin lacks good documentation, but here is a short overview:</P
>Add the following to the <B
> variable in your <TT
CLASS="PROGRAMLISTING"
>passdb backend = [other-plugins] plugin:/location/to/pdb_mysql.so:identifier [other-plugins]</PRE
>The identifier can be any string you like, as long as it doesn't collide with
the identifiers of other plugins or other instances of pdb_mysql. If you
specify multiple pdb_mysql.so entries in 'passdb backend', you also need to
use different identifiers!</P
>Additional options can be given through the smb.conf file in the [global] section.</P
CLASS="PROGRAMLISTING"
>identifier:mysql host - host name, defaults to 'localhost'
identifier:mysql password
identifier:mysql user - defaults to 'samba'
identifier:mysql database - defaults to 'samba'
identifier:mysql port - defaults to 3306
identifier:table - Name of the table containing users</PRE
>WARNING: since the password for the mysql user is stored in the
smb.conf file, you should make the smb.conf file
readable only to the user that runs samba. This is considered a security
bug and will be fixed soon.</I
>Names of the columns in this table (I've added the column types those columns should have first):</P
CLASS="PROGRAMLISTING"
>identifier:logon time column - int(9)
identifier:logoff time column - int(9)
identifier:kickoff time column - int(9)
identifier:pass last set time column - int(9)
identifier:pass can change time column - int(9)
identifier:pass must change time column - int(9)
identifier:username column - varchar(255) - unix username
identifier:domain column - varchar(255) - NT domain user is part of
identifier:nt username column - varchar(255) - NT username
identifier:fullname column - varchar(255) - Full name of user
identifier:home dir column - varchar(255) - Unix homedir path
identifier:dir drive column - varchar(2) - Directory drive path (eg: 'H:')
identifier:logon script column - varchar(255) - Batch file to run on client side when logging on
identifier:profile path column - varchar(255) - Path of profile
identifier:acct desc column - varchar(255) - Some ASCII NT user data
identifier:workstations column - varchar(255) - Workstations user can logon to (or NULL for all)
identifier:unknown string column - varchar(255) - unknown string
identifier:munged dial column - varchar(255) - ?
identifier:uid column - int(9) - Unix user ID (uid)
identifier:gid column - int(9) - Unix user group (gid)
identifier:user sid column - varchar(255) - NT user SID
identifier:group sid column - varchar(255) - NT group ID
identifier:lanman pass column - varchar(255) - encrypted lanman password
identifier:nt pass column - varchar(255) - encrypted nt passwd
identifier:plain pass column - varchar(255) - plaintext password
identifier:acct control column - int(9) - nt user data
identifier:unknown 3 column - int(9) - unknown
identifier:logon divs column - int(9) - ?
identifier:hours len column - int(9) - ?
identifier:unknown 5 column - int(9) - unknown
identifier:unknown 6 column - int(9) - unknown</PRE
>Optionally, you can put a colon (:) after the name of each column, which
should specify the column to update when updating the table. You can also
specify nothing after the colon - then the data from the field will not be
NAME="AEN2589">16.3. Using plaintext passwords or encrypted passwords</H1
>I strongly discourage the use of plaintext passwords; however, you can use them:</P
>If you would like to use plaintext passwords, set 'identifier:lanman pass column' and 'identifier:nt pass column' to 'NULL' (without the quotes) and 'identifier:plain pass column' to the name of the column containing the plaintext passwords. </P
>If you use encrypted passwords, set the 'identifier:plain pass column' to 'NULL' (without the quotes). This is the default.</P
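The warning in 16.2 and the password settings in 16.3 can be checked mechanically. The following Python audit is an added example, not part of the Samba documentation or code: it flags a MySQL password kept in an smb.conf that group or others can access, a 'plain pass column' that is not NULL, and an identifier shared by several pdb_mysql entries. The sample file, the identifiers "users" and "legacy", and the column name "cleartext" are constructed for illustration.

```python
import os
import re
import stat

# Constructed sample smb.conf; the identifiers "users" and "legacy" are made up.
SAMPLE = """\
[global]
passdb backend = smbpasswd plugin:/usr/lib/samba/pdb_mysql.so:users plugin:/usr/lib/samba/pdb_mysql.so:legacy
users:mysql password = example-secret
legacy:mysql password = example-secret
legacy:plain pass column = cleartext
legacy:lanman pass column = NULL
legacy:nt pass column = NULL
"""

def parse_global(text):
    """Return the [global] parameters as a dict keyed by lower-cased name."""
    params, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def audit(text, mode):
    """Return findings for each pdb_mysql identifier, given file text and mode bits."""
    params = parse_global(text)
    ids = re.findall(r"plugin:\S*pdb_mysql\.so:(\S+)", params.get("passdb backend", ""))
    findings = []
    for ident in sorted(set(ids)):
        if ids.count(ident) > 1:
            findings.append(f"{ident}: identifier shared by several pdb_mysql entries")
        if f"{ident.lower()}:mysql password" in params and mode & 0o077:
            findings.append(f"{ident}: MySQL password in a file with mode {mode:03o}")
        plain = params.get(f"{ident.lower()}:plain pass column", "NULL")
        if plain.upper() != "NULL":
            findings.append(f"{ident}: plaintext passwords read from column {plain!r}")
    return findings

def audit_file(path):
    """Audit a real smb.conf, taking the permission bits from the filesystem."""
    with open(path, encoding="utf-8") as fh:
        return audit(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, 0o644)))
```

The check only looks at permission bits; it assumes the file is owned by the user that runs samba.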
NAME="AEN2594">16.4. Getting non-column data from the table</H1
>It is possible to keep only part of the data in the database and make the rest 'constant'.</P
>For example, you can set 'identifier:fullname column' to:
>CONCAT(First_name,' ',Sur_name)</B
>Or, set 'identifier:workstations column' to:
>See the MySQL documentation for more language constructs.</P