samba+mysql+pam authenticationl

ft ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

测试环境RHlinux as 2.1　用了一昼测试成功　：　）

step 1 configure mysql

插入一个root用户和test用户　设定passwd为“secretpw”　

insert the following SQL: CREATE DATABASE samba_auth;

CREATE TABLE users (
  uid int(6) NOT NULL auto_increment,
  gid int(6) DEFAULT '0' NOT NULL,
  last_name varchar(80) NOT NULL,
  first_name varchar(80) NOT NULL,
  login varchar(16) NOT NULL,
  date datetime DEFAULT '0000-00-00 00:00:00' NOT NULL,
  password varchar(16) NOT NULL,
  PRIMARY KEY (uid),
  KEY uid (uid),
  UNIQUE uid_2 (uid)
);

INSERT INTO users VALUES (
  '0', '0', 'account', 'root', 'root',
  'NOW()', ENCRYPT('secretpw'),
  '', '', '', 'n', '', 'n', '', '0', ''
);

INSERT INTO users VALUES (
  '1', '1', 'account', 'test', 'test',
  'NOW()', ENCRYPT('secretpw'),
  '', '', '', 'n', '', 'n', '', '0', ''
);


step 2.configure pam

pam_mysql 选项

user(nobody) -- The user with access to the open the connection to mysql and has permission to read the table with the passwords.

passwd("") -- Password for the same.

host(localhost) -- Machine that is running the sql server

db(mysql) -- database that contents the table with the user/password combos

table(user) -- table that you want to use for the user/password checking

usercolumn(User) -- column that has the username field

passwdcolumn(password) -- column that has the password field

crypt=0：表示使用明文来存储密码，
crypt=1：使用的DES加密密码方式来存储（cypt()相当于/etc/passwd or /etc/shadow）
crypt=2：表示使用mysql的SQL函数password()加密方式来存储。PAM的文件：

/usr/lib/libpam.so.* PAM核心库
/etc/pam.conf或者/etc/pam.d/ PAM配置文件
/usr/lib/security/pam_*.so 可动态加载的PAM service module
对于RedHat，其目录不是/usr/lib，而是/lib。

这里我使用cyrpt=1的认证机制～

在/etc/pam.d/samba中加入
samba     auth           required     pam_mysql.so     user=root passwd=secretpw
->; db=samba_auth table=users usercolumn=login crypt=1
samba     account           required     pam_mysql.so     user=root passwd=secretpw
->; db=samba_auth table=users usercolumn=login crypt=1
samba     password     required     pam_mysql.so     user=root passwd=secretpw
->; db=samba_auth table=users usercolumn=login crypt=1
samba     session           required     pam_mysql.so     user=root passwd=secretpw
->; db=samba_auth table=users usercolumn=login crypt=1
使samba支持pam认证


Step 3: Configure Samba

# Global parameters
[global]
    workgroup = WORKGROUP-NAME
    server string = ppserver
    security = USER
    #must be set to 'no' to use PAM
    encrypt passwords = No
    update encrypted = No
    allow trusted domains = Yes
    min password length = 6
    null passwords = No
    revalidate = No
[homes]
    valid users = sample
    writeable = Yes

[www]
    path = /www
    valid users = sample
    force group = http
    writeable = Yes

[public]
    path = /samba/public
    valid users = sample
    writeable = Yes
    guest ok = No

用smbclient 测试一下

smbclient ////localhost//sample

会提示你输入密码，input "secretpw"呵呵大功告成～

上一篇：网吧无盘技术

下一篇：想问一下samba具体的smb.conf文件怎样

昵称 (必填)

验证码 (必填)