[Samba] Re: Samba with Mysql as backend and VIRTUAL users.

[Jacob Anawalt]

Alex,

It sounds like you are trying to do w/ the mysql database what some
organizations have done with NIS/YP or are doing with LDAP or MS Directory
Services. If you are using a system that includes PAM, you can reconfigure
your system to look to sources other than the password file for username
lookups.

I looked into this, toying with the idea of using LDAP to sync all my server
accounts and samba logins. There were modules to do this, but it seemed a
bit daunting for the few user accounts I was worried about. Perhaps it wont
be much longer before this process becomes more polished and the
documentation is refined.

Anyway, I've seen smb.config files that talk about syncing unix and samba
username/passwords. I've also read about the difference between unix
passwords and windows passwords and why in the LDAP structure there is a
space for the unix password and for the samba password, but I dont remember
the details now.

So, my suggestion is to look into samba with LDAP (lightweight directory
access protocol) and PAM (pluggable authentication module), or at least
samba with PAM and authenticating to a mysql db (google had a few hits w/
samba pam mysql). You may also want to look into stunnel or some ssh setup
so the mysql transactions for password lookups aren't in the clear. The LDAP
client is able to be configured to verify against SSL certificates to know
that the LDAP server is valid.

"Alex Pita" <newmail at softhome.net> wrote in message
news:3DF61A7F.6090304 at softhome.net...
> Hello samba experts,
>
> I want to configure samba with mysql as backend. I searched on google
> and i found some info about this subject but it seems to be not really
> what i nedd. I said this because i found few howtos about how to
> configure samba to read password from mysql database to authenticate
> users. Is good but not enough. I don't want shell users with different
> password for samba!!! I want ONLY VIRTUAL USERS (no one shell account)
> and al of them MUST resides in mysql database with all attributes (home
> directory, UID, GID, password, domain, etc).....
>
> Google said that my problem is not well documented and in the past was
> some tryes about this subject. I found also some info about samba and
> pam_mysql plugin. I've configured few weeks ago this plugin to
> authenticate users for postfix smtp, and everithing was ok. Actually, i
> want to do the same work with samba, but i don't know if samba-2.2.7
> support it.
>
> Can anybody point me to the right way? Some success stories about this
> subject will be appreciated.
>
> Thanks in advance,
>
> Alex Pita
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>