This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This used to...

[kai/samba.git] / docs / htmldocs / pdb-mysql.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>Passdb MySQL plugin</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Optional configuration"
HREF="optional.html"><LINK
REL="PREVIOUS"
TITLE="Unified Logons between Windows NT and UNIX using Winbind"
HREF="winbind.html"><LINK
REL="NEXT"
TITLE="Passdb XML plugin"
HREF="pdb-xml.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>SAMBA Project Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="winbind.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="pdb-xml.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="PDB-MYSQL">Chapter 16. Passdb MySQL plugin</H1
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN2566">16.1. Building</H1
><P
>To build the plugin, run <B
CLASS="COMMAND"
>make bin/pdb_mysql.so</B
>
in the <TT
CLASS="FILENAME"
>source/</TT
> directory of samba distribution. </P
><P
>Next, copy pdb_mysql.so to any location you want. I 
strongly recommend installing it in $PREFIX/lib or /usr/lib/samba/</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN2572">16.2. Configuring</H1
><P
>This plugin lacks some good documentation, but here is some short info:</P
><P
>Add a the following to the <B
CLASS="COMMAND"
>passdb backend</B
> variable in your <TT
CLASS="FILENAME"
>smb.conf</TT
>:
<PRE
CLASS="PROGRAMLISTING"
>passdb backend = [other-plugins] plugin:/location/to/pdb_mysql.so:identifier [other-plugins]</PRE
></P
><P
>The identifier can be any string you like, as long as it doesn't collide with 
the identifiers of other plugins or other instances of pdb_mysql. If you 
specify multiple pdb_mysql.so entries in 'passdb backend', you also need to 
use different identifiers!</P
><P
>Additional options can be given thru the smb.conf file in the [global] section.</P
><P
><PRE
CLASS="PROGRAMLISTING"
>identifier:mysql host                     - host name, defaults to 'localhost'
identifier:mysql password
identifier:mysql user                     - defaults to 'samba'
identifier:mysql database                 - defaults to 'samba'
identifier:mysql port                     - defaults to 3306
identifier:table                          - Name of the table containing users</PRE
></P
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>WARNING: since the password for the mysql user is stored in the 
smb.conf file, you should make the the smb.conf file 
readable only to the user that runs samba. This is considered a security 
bug and will be fixed soon.</I
></SPAN
></P
><P
>Names of the columns in this table(I've added column types those columns should have first):</P
><P
><PRE
CLASS="PROGRAMLISTING"
>identifier:logon time column             - int(9)
identifier:logoff time column            - int(9)
identifier:kickoff time column           - int(9)
identifier:pass last set time column     - int(9)
identifier:pass can change time column   - int(9)
identifier:pass must change time column  - int(9)
identifier:username column               - varchar(255) - unix username
identifier:domain column                 - varchar(255) - NT domain user is part of
identifier:nt username column            - varchar(255) - NT username
identifier:fullname column            - varchar(255) - Full name of user
identifier:home dir column               - varchar(255) - Unix homedir path
identifier:dir drive column              - varchar(2) - Directory drive path (eg: 'H:')
identifier:logon script column           - varchar(255) - Batch file to run on client side when logging on
identifier:profile path column           - varchar(255) - Path of profile
identifier:acct desc column              - varchar(255) - Some ASCII NT user data
identifier:workstations column           - varchar(255) - Workstations user can logon to (or NULL for all)
identifier:unknown string column         - varchar(255) - unknown string
identifier:munged dial column            - varchar(255) - ?
identifier:uid column                    - int(9) - Unix user ID (uid)
identifier:gid column                    - int(9) - Unix user group (gid)
identifier:user sid column               - varchar(255) - NT user SID
identifier:group sid column              - varchar(255) - NT group ID
identifier:lanman pass column            - varchar(255) - encrypted lanman password
identifier:nt pass column                - varchar(255) - encrypted nt passwd
identifier:plain pass column             - varchar(255) - plaintext password
identifier:acct control column           - int(9) - nt user data
identifier:unknown 3 column              - int(9) - unknown
identifier:logon divs column             - int(9) - ?
identifier:hours len column              - int(9) - ?
identifier:unknown 5 column              - int(9) - unknown
identifier:unknown 6 column              - int(9) - unknown</PRE
></P
><P
>Eventually, you can put a colon (:) after the name of each column, which 
should specify the column to update when updating the table. You can also
specify nothing behind the colon - then the data from the field will not be 
updated. </P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN2589">16.3. Using plaintext passwords or encrypted password</H1
><P
>I strongly discourage the use of plaintext passwords, however, you can use them:</P
><P
>If you would like to use plaintext passwords, set 'identifier:lanman pass column' and 'identifier:nt pass column' to 'NULL' (without the quotes) and 'identifier:plain pass column' to the name of the column containing the plaintext passwords. </P
><P
>If you use encrypted passwords, set the 'identifier:plain pass column' to 'NULL' (without the quotes). This is the default.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN2594">16.4. Getting non-column data from the table</H1
><P
>It is possible to have not all data in the database and making some 'constant'.</P
><P
>For example, you can set 'identifier:fullname column' to : 
<B
CLASS="COMMAND"
>CONCAT(First_name,' ',Sur_name)</B
></P
><P
>Or, set 'identifier:workstations column' to :
<B
CLASS="COMMAND"
>NULL</B
></P
><P
>See the MySQL documentation for more language constructs.</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="winbind.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="samba-howto-collection.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="pdb-xml.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Unified Logons between Windows NT and UNIX using Winbind</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="optional.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Passdb XML plugin</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>