From 17a2af0212ea65cba92ea3e74905b8470404464c Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 4 Feb 2006 09:57:59 +0000 Subject: Remove references to sql and xml modules from the Samba3-HOWTO (This used to be commit e10113c851ba8f9b1160cc4382e6ab5d53f2f3ac) --- docs/Samba3-HOWTO/TOSHARG-NT4Migration.xml | 5 +- docs/Samba3-HOWTO/TOSHARG-Passdb.xml | 273 +---------------------------- 2 files changed, 4 insertions(+), 274 deletions(-) diff --git a/docs/Samba3-HOWTO/TOSHARG-NT4Migration.xml b/docs/Samba3-HOWTO/TOSHARG-NT4Migration.xml index bf5a0899f1..172911127d 100644 --- a/docs/Samba3-HOWTO/TOSHARG-NT4Migration.xml +++ b/docs/Samba3-HOWTO/TOSHARG-NT4Migration.xml @@ -116,7 +116,6 @@ include: backend authentication tdbsam ldapsam -mysqlsam single-sign-on distribute authentication systems @@ -128,7 +127,7 @@ include: Creation of on-the-fly policy files. Greater stability, reliability, performance, and availability. Manageability via an SSH connection. - Flexible choices of backend authentication technologies (tdbsam, ldapsam, mysqlsam). + Flexible choices of backend authentication technologies (tdbsam, ldapsam). Ability to implement a full single-sign-on architecture. Ability to distribute authentication systems for absolute minimum wide-area network bandwidth demand. @@ -517,7 +516,7 @@ being contemplated. External server could use Active Directory or NT4 domain. Can use pam_mkhomedir.so to autocreate home directories. Samba-3 can use a local authentication backend: smbpasswd, - tdbsam, ldapsam, mysqlsam + tdbsam, ldapsam diff --git a/docs/Samba3-HOWTO/TOSHARG-Passdb.xml b/docs/Samba3-HOWTO/TOSHARG-Passdb.xml index 087f0ebf00..27128e73ec 100644 --- a/docs/Samba3-HOWTO/TOSHARG-Passdb.xml +++ b/docs/Samba3-HOWTO/TOSHARG-Passdb.xml @@ -147,8 +147,6 @@ as follows: Samba-3 introduces a number of new password backend capabilities. SAM backendtdbsam SAM backendldapsam -SAM backendmysqlsam -SAM backendxmlsam 
@@ -225,45 +223,6 @@ Samba-3 introduces a number of new password backend capabilities. - mysqlsam (MySQL-based backend) - - -MySQL-based SAM -database backend -mysqlsam - It is expected that the MySQL-based SAM will be very popular in some corners. - This database backend will be of considerable interest to sites that want to - leverage existing MySQL technology. - - - - - pgsqlsam (PostGreSQL-based backend) - - -PostgreSQL database -mysqlsam - Makes use of a PostgreSQL database to store account information. This backend is largely undocumented at - the moment, though its configuration is very similar to that of the mysqlsam backend. - - - - - xmlsam (XML-based datafile) - - -pdbedit -XML format -pdb2pdb - Allows the account and password data to be stored in an XML format - data file. This backend cannot be used for normal operation, it can only - be used in conjunction with pdbedit's pdb2pdb - functionality. The Document Type Definition (DTD) file that is used - might be subject to changes in the future. (See the XML reference for a definition - of XML terms.) - - account migration database backends @@ -319,7 +278,7 @@ Samba-3 introduces a number of new password backend capabilities. user that is not stored in a UNIX user database: for example, workstations the user may logon from, the location where the user's profile is stored, and so on. Samba retrieves and stores this information using a . Commonly available backends are LDAP, - tdbsam, plain text file, and MySQL. For more information, see the man page for &smb.conf; regarding the + tdbsam, and plain text file. For more information, see the man page for &smb.conf; regarding the parameter. @@ -352,7 +311,6 @@ Samba-3 introduces a number of new password backend capabilities. clear-text passwords hashed password equivalent LDAP -MYSQL secret The UNIX and SMB password encryption techniques seem similar on the surface. This similarity is, however, only skin deep. The UNIX scheme typically sends clear-text 
@@ -363,7 +321,7 @@ Samba-3 introduces a number of new password backend capabilities. they could potentially be used in a modified client to gain access to a server. This would require considerable technical knowledge on behalf of the attacker but is perfectly possible. You should therefore treat the data stored in whatever passdb - backend you use (smbpasswd file, LDAP, MYSQL) as though it contained the clear-text + backend you use (smbpasswd file, LDAP) as though it contained the clear-text passwords of all your users. Its contents must be kept secret, and the file should be protected accordingly. 
@@ -2708,233 +2666,6 @@ sambaNTPassword: 878D8014606CDA29677A44EFA1353FC7 - - MySQL - - - SAM backendmysqlsam -SQL backend - Every so often someone comes along with what seems (to them) like a great new idea. Storing user accounts - in an SQL backend is one of them. Those who want to do this are in the best position to know what the - specific benefits are to them. This may sound like a cop-out, but in truth we cannot document - every little detail of why certain things of marginal utility to the bulk of Samba users might make sense - to the rest. In any case, the following instructions should help the determined SQL user to implement a - working system. These account storage methods are not actively maintained by the Samba Team. - - - - Creating the Database - - -MySQL - You can set up your own table and specify the field names to pdb_mysql (see - MySQL field names for MySQL passdb backend for - the column names) or use the default table. The file - examples/pdb/mysql/mysql.dump contains the correct queries to - create the required tables. Use the command: - -&rootprompt;mysql -uusername -hhostname -ppassword \ - databasename < /path/to/samba/examples/pdb/mysql/mysql.dump - - - - - - Configuring - - This plug-in lacks some good documentation, but here is some brief information. Add the following to the - variable in your &smb.conf;: - -[other-plugins] mysql:identifier [other-plugins] - - - - The identifier can be any string you like, as long as it does not collide with - the identifiers of other plugins or other instances of pdb_mysql. If you - specify multiple pdb_mysql.so entries in , you also need to - use different identifiers. - - - - Additional options can be given through the &smb.conf; file in the section. - Refer to Basic smb.conf Options for MySQL passdb Backend. 
- - - - Basic smb.conf Options for MySQL passdb Backend - - - - - FieldContents - - - mysql hostHost name, defaults to `localhost' - mysql password - mysql userDefaults to `samba' - mysql databaseDefaults to `samba' - mysql portDefaults to 3306 - tableName of the table containing the users - - -
- - - - Since the password for the MySQL user is stored in the &smb.conf; file, you should make the &smb.conf; file - readable only to the user who runs Samba. This is considered a security bug and will soon be fixed. - - - - Names of the columns are given in MySQL field names for MySQL - passdb backend. The default column names can be found in the example table dump. - - - - - MySQL field names for MySQL passdb backend - - - - - - FieldTypeContents - - - logon time columnint(9)UNIX timestamp of last logon of user - logoff time columnint(9)UNIX timestamp of last logoff of user - kickoff time columnint(9)UNIX timestamp of moment user should be kicked off workstation (not enforced) - pass last set time columnint(9)UNIX timestamp of moment password was last set - pass can change time columnint(9)UNIX timestamp of moment from which password can be changed - pass must change time columnint(9)UNIX timestamp of moment on which password must be changed - username columnvarchar(255)UNIX username - domain columnvarchar(255)NT domain user belongs to - nt username columnvarchar(255)NT username - fullname columnvarchar(255)Full name of user - home dir columnvarchar(255)UNIX homedir path (equivalent of the parameter. 
- dir drive columnvarchar(2)Directory drive path (e.g., H:) - logon script columnvarchar(255)Batch file to run on client side when logging on - profile path columnvarchar(255)Path of profile - acct desc columnvarchar(255)Some ASCII NT user data - workstations columnvarchar(255)Workstations user can logon to (or NULL for all) - unknown string columnvarchar(255)Unknown string - munged dial columnvarchar(255)Unknown - user sid columnvarchar(255)NT user SID - group sid columnvarchar(255)NT group SID - lanman pass columnvarchar(255)Encrypted lanman password - nt pass columnvarchar(255)Encrypted nt passwd - plain pass columnvarchar(255)Plaintext password - acct ctrl columnint(9)NT user data - unknown 3 columnint(9)Unknown - logon divs columnint(9)Unknown - hours len columnint(9)Unknown - bad password count columnint(5)Number of failed password tries before disabling an account - logon count columnint(5)Number of logon attempts - unknown 6 columnint(9)Unknown - -
-
- - - You can put a colon (:) after the name of each column, which - should specify the column to update when updating the table. You can also specify nothing behind the colon, in which case the field data will not be updated. Setting a column name to NULL means the field should not be used. - - - An example configuration is shown in Example Configuration for the MySQL passdb Backend. - - - - Example Configuration for the MySQL passdb Backend - - - mysql:foo - samba - abmas - samba - domain name is static and can't be changed - 'MYWORKGROUP': - The fullname column comes from several other columns - CONCAT(firstname,' ',surname): - Samba should never write to the password columns - lm_pass: - nt_pass: - The unknown 3 column is not stored - NULL - - -
- - - Using Plaintext Passwords or Encrypted Password - - -encrypted passwords - I strongly discourage the use of plaintext passwords; however, you can use them. - - - -plaintext passwords - If you would like to use plaintext passwords, set - `identifier:lanman pass column' and `identifier:nt pass column' to - `NULL' (without the quotes) and `identifier:plain pass column' to the - name of the column containing the plaintext passwords. - - - - If you use encrypted passwords, set the 'identifier:plain pass - column' to 'NULL' (without the quotes). This is the default. - - - - - - Getting Non-Column Data from the Table - - - It is possible to have not all data in the database by making some "constant." - - - - For example, you can set `identifier:fullname column' to - something like CONCAT(Firstname,' ',Surname) - - - - Or, set `identifier:workstations column' to: - NULL. - - See the MySQL documentation for more language constructs. - - -
- - - XML - - -SAM backendxmlsam -libxml2 -pdb_xml - This module requires libxml2 to be installed. - - The usage of pdb_xml is fairly straightforward. To export data, use: - - - -pdbedit - $ pdbedit -e xml:filename - - - - where filename is the name of the file to put the data in. - - - - To import data, use: - $ pdbedit -i xml:filename - - -- cgit
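Review bot: The secrecy warning in the TOSHARG-Passdb.xml hunk at @@ -363,7 +321,7 now names only "smbpasswd file, LDAP", although the other hunks in this patch still list tdbsam as a supported backend, so the one backend list that carries the security advice omits the tdbsam database. Suggest "(smbpasswd file, tdbsam, LDAP)". The sentence also ends with "the file should be protected accordingly", which does not fit a directory backend; wording that covers restricting read access to the stored hashes (the sambaNTPassword attribute appears in the context of the last hunk) would make the advice apply to every backend still documented.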
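Review bot: The @@ -2708,233 +2666,6 hunk in TOSHARG-Passdb.xml deletes the whole MySQL and XML sections without leaving a pointer for sites that already run these backends, and the commit message does not say whether the modules themselves are gone or only undocumented. A short replacement paragraph stating the status of mysqlsam, pgsqlsam and xmlsam and naming tdbsam or ldapsam as the documented alternatives would close that gap. It is also worth carrying over the two security-relevant facts from the removed text for anyone migrating away: the MySQL user's password sits in smb.conf, and a "plain pass column" may hold clear-text passwords, so both the file and the table need attention during cleanup. Please also confirm that nothing outside this diff still links to the removed tables and example ("MySQL field names for MySQL passdb backend", "Example Configuration for the MySQL passdb Backend").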