summaryrefslogtreecommitdiff
path: root/docs/smbdotconf/security/passdbbackend.xml
blob: d8fc6cd48810cb8ccec18939f5f0cea400c5d9f9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
<samba:parameter name="passdb backend"
                 context="G"
				 type="list"
                 advanced="1" developer="1"
		 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>

    <para>This option allows the administrator to chose which backends
    to retrieve and store passwords with. This allows (for example) both 
    smbpasswd and tdbsam to be used without a recompile. Multiple
    backends can be specified, separated by spaces. The backends will be
    searched in the order they are specified. New users are always added
	to the first backend specified. </para>

    <para>This parameter is in two parts, the backend's name, and a 'location'
    string that has meaning only to that particular backed.  These are separated
    by a : character.</para>

    <para>Available backends can include:
	<itemizedlist>
	    <listitem>
		<para><command moreinfo="none">smbpasswd</command> - The default smbpasswd
		backend. Takes a path to the smbpasswd file as an optional argument.
		</para>
	    </listitem>
			
	    <listitem>
		<para><command moreinfo="none">tdbsam</command> - The TDB based password storage
                backend.  Takes a path to the TDB as an optional argument (defaults to passdb.tdb 
                in the <link linkend="PRIVATEDIR">
                <parameter moreinfo="none">private dir</parameter></link> directory.</para>
	    </listitem>
			
	    <listitem>
		<para><command moreinfo="none">ldapsam</command> - The LDAP based passdb 
                backend.  Takes an LDAP URL as an optional argument (defaults to 
                <command moreinfo="none">ldap://localhost</command>)</para>
			
		<para>LDAP connections should be secured where possible.  This may be done using either
                Start-TLS (see <link linkend="LDAPSSL"><parameter moreinfo="none">ldap ssl</parameter></link>) or by
                specifying <parameter moreinfo="none">ldaps://</parameter> in
                the URL argument. </para>

                <para>Multiple servers may also be specified in double-quotes, if your
                LDAP libraries supports the LDAP URL notation.
                (OpenLDAP does).   
		</para>

	    </listitem>
			
	    <listitem>
		<para><command moreinfo="none">nisplussam</command> -
		The NIS+ based passdb backend. Takes name NIS domain as
		an optional argument. Only works with sun NIS+ servers.
		</para>
	    </listitem>

		<listitem>
		<para><command moreinfo="none">mysql</command> - 
		The MySQL based passdb backend. Takes an identifier as 
		argument. Read the Samba HOWTO Collection for configuration
		details.
		</para></listitem>

	</itemizedlist>
    </para>
</description>

<value type="default">smbpasswd</value>

<value type="example">tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd</value>

<value type="example">ldapsam:ldaps://ldap.example.com</value>

<value type="example">ldapsam:"ldap://ldap-1.example.com ldap://ldap-2.example.com"</value>

<value type="example">mysql:my_plugin_args tdbsam</value>
</samba:parameter>