zoukankan      html  css  js  c++  java
  • Samba authentication through PAM with MySQL

    Note: this assumes you have Samba, mySQL and pam_mysql already installed and running on FreeBSD 4.0 or greater The following describes how to setup Samba, PAM, and mySQL such that Samba users are authenticated through MySQL using PAM.

    You can obtain pam_mysql from the link above, or you can install it from the ports: /usr/ports/security/pam-mysql.

    by: randall s. ehren


    Step 1: Configure MySQL
    The following inserts the root user and a sample user both with a password of "secretpw". The password encryption is done via MySQL's ENCRYPT function. insert the following SQL:
    CREATE DATABASE samba_auth;

    CREATE TABLE users (
      uid int(6) NOT NULL auto_increment,
      gid int(6) DEFAULT '0' NOT NULL,
      last_name varchar(80) NOT NULL,
      first_name varchar(80) NOT NULL,
      login varchar(16) NOT NULL,
      date datetime DEFAULT '0000-00-00 00:00:00' NOT NULL,
      password varchar(16) NOT NULL,
      PRIMARY KEY (uid),
      KEY uid (uid),
      UNIQUE uid_2 (uid)
    );

    INSERT INTO users VALUES (
      '0', '0', 'account', 'root', 'root',
      'NOW()', ENCRYPT('secretpw')
    );

    INSERT INTO users VALUES (
      '1', '1', 'account', 'sample', 'sample',
      'NOW()', ENCRYPT('secretpw') );

    Step 2: Configure PAM
    pam_mysql has the following configuration options available:(options in parentheses are defaults)
    • user(nobody) -- The user with access to the open the connection to mysql and has permission to read the table with the passwords.
    • passwd("") -- Password for the same.
    • host(localhost) -- Machine that is running the sql server
    • db(mysql) -- database that contents the table with the user/password combos
    • table(user) -- table that you want to use for the user/password checking
    • usercolumn(User) -- column that has the username field
    • passwdcolumn(password) -- column that has the password field
    • crypt(0) -- Used to decide to use MySQL's PASSWORD() function or crypt()
       0 = No encryption. Passwords in database in plaintext. NOT recommended!
       1 = Use crypt
       2 = Use MySQL PASSWORD() function

    Append the following to your /etc/pam.conf file

    samba auth     required    pam_mysql.so   user=root passwd=secretpw 
    -> db=samba_auth table=users usercolumn=login crypt=1
    samba account required pam_mysql.so user=root passwd=secretpw
    -> db=samba_auth table=users usercolumn=login crypt=1
    samba password required pam_mysql.so user=root passwd=secretpw
    -> db=samba_auth table=users usercolumn=login crypt=1
    samba session required pam_mysql.so user=root passwd=secretpw
    -> db=samba_auth table=users usercolumn=login crypt=1

    Step 3: Configure Samba
    the following is a sample smb.conf file
    # Samba config file 
    # Date: 2000/11/13 12:31:50

    # Global parameters
    [global]
    workgroup = WORKGROUP-NAME
    server string = samba file services at WORKGROUP-NAME
    security = USER
    #must be set to 'no' to use PAM
    encrypt passwords = No
    update encrypted = No
    allow trusted domains = Yes
    min password length = 6
    null passwords = No
    revalidate = No
    [homes]
    valid users = sample
    writeable = Yes

    [www]
    path = /www
    valid users = sample
    force group = http
    writeable = Yes

    [public]
    path = /samba/public
    valid users = sample
    writeable = Yes
    guest ok = No

    Step 4: Test
    Make sure MySQL and Samba are running. If Samba was running before restart it. Create a unix user called "sample" and login to that account. Use smbclient to test by doing the following:
    % smbclient \\\\localhost\\sample

    smbclient will then ask for a password, use 'secretpw', or whatever you made the password, then see if it works. You should be able to do an 'ls', 'mkdir', or 'cd' when you are in smbclient. You should also test this out on a Windows machine to make sure it works. If you aren't using Windows NT or 2000 make sure you 'log-in' to the machine as 'sample'.


  • 相关阅读:
    函数的随机梯度下降(固定函数与自定义函数随机梯度下降)
    常见六种随机变量分布可视化
    基于beautifulSoup进行电影网站排名的获取与格式化输出
    基于numpy实现矩阵计算器
    中文论文-LaTex模板
    论文阅读:Deformable ConvNets v2
    darknet loss可视化软件
    《为什么精英都是时间控》读书总结
    Window下Latex加速编译方法以及西农毕设论文模板推荐
    时间加数字问题
  • 原文地址:https://www.cnblogs.com/studio313/p/1830384.html
Copyright © 2011-2022 走看看