[Samba] SAMBA+PDC+Mysql authentication Backend

Collen Blijenberg collen at hermanjordan.nl
Mon Jun 15 06:59:11 GMT 2009


Hi Pablo,

First, I'd like to mention that the SQL backend might not be the smartest 
choice of backend.

In the debug log you attached, you'll see a MySQL error:

[2009/06/12 15:53:01,  0] pdb_mysql.c:mysqlsam_replace_sam_account(415)
  Error executing UPDATE user SET WHERE user_sid = 'S-1-5-21-2398918909-2979869015-1347180298-1234', You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE user_sid = 'S-1-5-21-2398918909-2979869015-1347180298-1234'' at line 1


That is because the query isn't right: it reads 'update user set where', but it 
should be 'update user set XXXX where user_sid'....
Try commenting out all the mysql settings in your smb.conf except:
- Backend
- host
- user
- pass
and - database.

The rest is predefined in the backend itself.

But like I said, the SQL backend lacks some good things, and you might 
be better off with ldap or the pdb backend.
Also, the SQL backend only works with 3.0.x and 3.2.x.
The project needs new developers to bring it to a higher level...

good luck with it... Greets. Collen

PS: I think you might want to post SQL-related questions to the pdbsql mailing list 
rather than the samba list...


Pablo Camera wrote:
> I am new to the Samba world, but I have configured Samba with shared folders linked to users, and that was successful.
>
> Now I am trying to extend it to a PDC, but the client can't log on to the server:
>
> The log.smbd shows this:
>
>
> 	  [2009/06/12 15:51:21,  0] smbd/server.c:main(1209)
>   smbd version 3.2.3 started.
>   Copyright Andrew Tridgell and the Samba Team 1992-2008
> [2009/06/12 15:51:21,  1] pdb_mysql.c:mysqlsam_init(607)
>   Connecting to database server, host: localhost, user: samba, database: samba_auth, port: 3306
> [2009/06/12 15:52:58,  0] rpc_server/srv_netlog_nt.c:get_md4pw(331)
>   get_md4pw: Workstation MULTI$: BDC secure channel requested but not a server trust account
> [2009/06/12 15:52:58,  0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(502)
>   _netr_ServerAuthenticate2: failed to get machine password for account MULTI$: NT_STATUS_NO_TRUST_SAM_ACCOUNT
> [2009/06/12 15:52:58,  0] rpc_server/srv_netlog_nt.c:get_md4pw(331)
>   get_md4pw: Workstation MULTI$: BDC secure channel requested but not a server trust account
> [2009/06/12 15:52:58,  0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(502)
>   _netr_ServerAuthenticate2: failed to get machine password for account MULTI$: NT_STATUS_NO_TRUST_SAM_ACCOUNT
> [2009/06/12 15:53:01,  0] pdb_mysql.c:mysqlsam_replace_sam_account(415)
>   Error executing UPDATE user SET WHERE user_sid = 'S-1-5-21-2398918909-2979869015-1347180298-1234', You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE user_sid = 'S-1-5-21-2398918909-2979869015-1347180298-1234'' at line 1
>
> My smb.conf is this.
>
> [global]
> workgroup = MULTI
> netbios name = MULTI
> security = user
>
> #Modificaciones para hacer de samba un PDC
> os level = 64
> preferred master = yes
> domain master = yes
> local master = yes
> domain logons = yes
> logon path = \\%N\%u
> logon drive = H:
> logon home = \\multi\%u\perfil
> logon script = %u.bdat
> add user script = /usr/local/samba/bin/./pdbedit -a "%u"
> #add user to group script = /usr/sbin/groupmod -m "%u" "%g"
> add machine script = /usr/local/samba/bin/./pdbedit -am "%m"
> delete user script = /usr/local/samba/bin/./pdbedit -x "%u"
> #delete group script = /usr/sbin/groupdel "%g"
> #delete user from group script = /usr/sbin/groupmod -x "%u" "%g"
> #set primary group script = /usr/sbin/usermod -g "%g" "%u"
> passwd program = /usr/local/samba/bin/./pdbedit -am "%u"
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
> idmap uid = 10000-15000
> idmap gid = 10000-15000
>
> #Para enviar password
> #lanman auth = Yes
> #ntlm auth = No
> #lm announce = Yes
> #client lanman auth = Yes 
> #Fin de password
>
> #Fin de Modificaciones para PDC
>
> #Mapeo de usuarios
> username map = /usr/local/samba/lib/smbusers
> #Fin de Mapeo de usuarios
>  
> obey pam restrictions = Yes
> #Ultimo cambio de yes a no
> encrypt passwords = yes
> #fin cambio
> update encrypted = no
>
> #client lanman auth = yes
> #client plaintext auth = yes
>
> #Para Autenticar usuarios
> passdb backend           = mysql:mysql
> mysql:mysql host         = localhost
> mysql:mysql user         = samba
> mysql:mysql password     = 
> mysql:mysql database     = samba_auth
> mysql:fullname column    = nt_fullname:
> mysql:domain column      = 'multi':
> mysql:lanman pass column = NULL:
> mysql:nt pass column     = NULL:
> mysql:plain pass column  = plain_pw:
> mysql:unknown_3 column   = NULL
> mysql:sid column = user_sid
> mysql:nt username column = nt_username
> #mysql:nt pass          
> smb passwd file = /etc/samba/private/smbpasswd
> #Fin de Autenticacion de Usuarios
>
> #Para PDC
> [netlogon]
> path = /home/netlogon
> read only = yes
> write list = ntadmin
>
> [profiles]
> path = /usr/local/samba/ntprofile
> writeable = yes
> create mask = 0600
> directory mask = 0700
>
> #Fin PDC
>
>
>
> [homes]
> comment = Home Directories;
> path = /home/%U
> browseable = yes
> valid users = %U
> writable = yes
>
> [Grupo]
> comment = Grupo de usuarios
> path = /grupo
> browseable = yes
> writable = yes
> valid users = usuario1
> force user = nobody
> force group = nogroup
>
> [multi]
> comment=Carpeta privada de..
> path=/usuario_grupo/multi
> browseable=yes
> writable=yes
> valid users= juanpablo sonia yeruti
> create mask = 0777
> directory mask = 0777
>
> and my mysql database samba_auth  dump is
>
> -- phpMyAdmin SQL Dump
> -- version 3.1.5
> -- http://www.phpmyadmin.net
> --
> -- Host: localhost
> -- Generation Time: Jun 12, 2009 at 04:00 PM
> -- Server version: 5.0.51
> -- PHP Version: 5.2.4-2ubuntu5.6
>
> SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
>
> --
> -- Database: `samba_auth`
> --
>
> -- --------------------------------------------------------
>
> --
> -- Table structure for table `user`
> --
>
> CREATE TABLE IF NOT EXISTS `user` (
>   `logon_time` int(9) default NULL,
>   `logoff_time` int(9) default NULL,
>   `kickoff_time` int(9) default NULL,
>   `pass_last_set_time` int(9) default NULL,
>   `pass_can_change_time` int(9) default '0',
>   `pass_must_change_time` int(9) default '2147483647',
>   `username` varchar(255) default NULL,
>   `domain` varchar(255) default NULL,
>   `nt_username` varchar(255) default NULL,
>   `nt_fullname` varchar(255) default NULL,
>   `home_dir` varchar(255) default NULL,
>   `dir_drive` varchar(4) default NULL,
>   `logon_script` varchar(255) default NULL,
>   `profile_path` varchar(255) default NULL,
>   `acct_desc` varchar(255) default NULL,
>   `workstations` varchar(255) default NULL,
>   `unknown_str` varchar(255) default NULL,
>   `munged_dial` varchar(255) default NULL,
>   `uid` int(9) NOT NULL auto_increment,
>   `gid` int(9) default NULL,
>   `user_sid` varchar(255) default NULL,
>   `group_sid` varchar(255) default NULL,
>   `lm_pw` varchar(255) default NULL,
>   `nt_pw` varchar(255) default NULL,
>   `acct_ctrl` int(9) default '528',
>   `logon_divs` int(9) default '168',
>   `hours_len` int(9) default '21',
>   `unknown_6` int(9) default '1260',
>   `bad_password_count` int(9) default NULL,
>   `logon_count` int(9) default '0',
>   `logon_hours` varchar(42) default NULL,
>   `password_history` text,
>   `palin_pw` varchar(255) default NULL,
>   `plain_pw` varchar(255) default NULL,
>   PRIMARY KEY  (`uid`),
>   KEY `username` (`username`)
> ) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=13009 ;
>
> --
> -- Dumping data for table `user`
> --
>
> INSERT INTO `user` (`logon_time`, `logoff_time`, `kickoff_time`, `pass_last_set_time`, `pass_can_change_time`, `pass_must_change_time`, `username`, `domain`, `nt_username`, `nt_fullname`, `home_dir`, `dir_drive`, `logon_script`, `profile_path`, `acct_desc`, `workstations`, `unknown_str`, `munged_dial`, `uid`, `gid`, `user_sid`, `group_sid`, `lm_pw`, `nt_pw`, `acct_ctrl`, `logon_divs`, `hours_len`, `unknown_6`, `bad_password_count`, `logon_count`, `logon_hours`, `password_history`, `palin_pw`, `plain_pw`) VALUES
> (0, 2147483647, 2147483647, 1244679702, 1244679702, 2147483647, 'juanpablo', NULL, NULL, NULL, '\\\\multi\\home\\juanpablo', NULL, NULL, '\\\\multi\\home\\juanpablo\\profile', NULL, NULL, NULL, NULL, 13005, NULL, 'S-1-5-21-2398918909-2979869015-1347180298-1226', 'S-1-5-21-2398918909-2979869015-1347180298-513', NULL, NULL, 16, 168, 21, 1260, NULL, 0, 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ', '31D6CFE0D16AE931B73C59D7E0C089C0', NULL, '123456'),
> (0, 2147483647, 2147483647, 1244836148, 1244679704, 2147483647, 'yeruti', 'MULTI', NULL, NULL, '\\\\multi\\yeruti', NULL, NULL, '\\\\multi\\yeruti\\profile', NULL, NULL, NULL, NULL, 32, NULL, 'S-1-5-21-2398918909-2979869015-1347180298-1228', 'S-1-5-21-2398918909-2979869015-1347180298-513', NULL, NULL, 16, 168, 21, 1260, NULL, 0, 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ', '31D6CFE0D16AE931B73C59D7E0C089C0', NULL, '654321'),
> (0, 2147483647, 2147483647, 1244727087, 1244679705, 2147483647, 'fulano', 'MULTI', NULL, NULL, '\\\\multi\\fulano', NULL, NULL, '\\\\multi\\fulano\\profile', NULL, NULL, NULL, NULL, 33, NULL, 'S-1-5-21-2398918909-2979869015-1347180298-1230', 'S-1-5-21-2398918909-2979869015-1347180298-513', NULL, NULL, 16, 168, 21, 1260, NULL, 0, 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ', '31D6CFE0D16AE931B73C59D7E0C089C0', NULL, '456789'),
> (0, 2147483647, 2147483647, 1244679706, 1244679706, 2147483647, 'sonia', NULL, NULL, NULL, '\\\\multi\\sonia', NULL, NULL, '\\\\multi\\sonia\\profile', NULL, NULL, NULL, NULL, 34, NULL, 'S-1-5-21-2398918909-2979869015-1347180298-1232', 'S-1-5-21-2398918909-2979869015-1347180298-513', NULL, NULL, 16, 168, 21, 1260, NULL, 0, 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ', '31D6CFE0D16AE931B73C59D7E0C089C0', NULL, '123456789'),
> (0, 2147483647, 2147483647, 1244732302, 1244732302, 2147483647, 'root', NULL, NULL, NULL, '\\\\multi\\root\\perfil', 'H:', 'root.bdat', '\\\\multi\\root', NULL, NULL, NULL, NULL, 13002, NULL, 'S-1-5-21-2398918909-2979869015-1347180298-1000', 'S-1-5-21-2398918909-2979869015-1347180298-513', NULL, NULL, 16, 168, 21, 1260, NULL, 0, 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ', '765A0C5EF4F663C750AC4433E136915F', NULL, '29881111'),
> (0, 2147483647, 2147483647, 1244831051, 1244831051, 2147483647, 'multi$', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 13008, NULL, 'S-1-5-21-2398918909-2979869015-1347180298-1234', 'S-1-5-21-2398918909-2979869015-1347180298-513', '123456', '123456', 128, 168, 21, 1260, NULL, 0, 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ', 'EFBCE5C663A37FC0850ED4FBDF0369C1', NULL, '123456');
>
> Can you explain to me why I wasn't able to log on to the server as a PDC client?
>
>
> Thanks and Luck
>



