Documents

Howtos —

This document describes the procedure on how to install and configure Samba to work with PostgreSQL on Fedora Core 5. The objective of this document is to enable Samba to serve as primary domain controller for Windows 98/ME/XP clients.

Prepare PostgreSQL

• Get an rpm version of PostgreSQL at http://download.fedora.redhat.com/pub/fedora/linux
• Install PostgreSQL and its dependencies by executing this command:
  `# rpm -Uvh postgresql-x.x.x.rpm postgresql-server-x.x.x.rpm postgresql-libs-x.x.x.rpm postgresql-devel-x.x.x.rpm'
• Let PostgreSQL initialize its own core structure, by executing this command:
  `# /etc/rc.d/init.d/postgresql start'
• Edit /var/lib/pgsql/data/pg_hba.conf, and add this entry:
  host all all 127.0.0.1 255.255.255.0 trust
• Permamently include PostgreSQL during system boot-up sequence by executing this:
  # /sbin/chkconfig --level 35 postgresql on

Prepare pam_pgsql

As of pam_pgsql-1.0.0.tgz, `# $HOME/download/make' won't work because ./pam_get_services.c don't have #include stdlib.h in it.

Reference: http://fcp.surfsite.org/modules/newbb/viewtopic.php?topic_id=27512&forum=10&post_id=117779

• Get an tgz version of pam_pgsql at http://pgfoundry.org/projects/sysauth
• Extract pam_pgsql at $HOME/download by executing this command:
  `# tar xvzf pam_pgsql-x.x.x.tgz'
• Build pam_pgsql by following the instruction found in $HOME/download/pam_pgsql/README file. For presentation purposes, here are the steps to build pam_pgsql:
  `# $HOME/download/configure'
  `# $HOME/download/make'
  `# $HOME/download/make install'
  
• Create /etc/pam_pgsql.conf file and add these entries:
  connectionstring = host=127.0.0.1 dbname=sysauth-pgsql user=postgres
  getpassword =
  SELECT passwd FROM passwd_table WHERE username = $1
  changepw =
  UPDATE passwd_table SET passwd = $2 WHERE username = $1
  isexpired =
  SELECT 1 FROM passwd_table WHERE username = $1 AND isexpired < NOW()
  newpassrequired =
  SELECT 1 FROM passwd_table WHERE username = $1 and newpass < NOW()
  
• Edit /etc/pam.d/samba file and add these entries:
  auth required pam_pgsql.so
  account required pam_pgsql.so
  session required pam_stack.so service=system-auth
  password required pam_pgsql.so
  

Prepare libnss-pgsql

As of libnss-pgsql-1.4.0.tgz, `# $HOME/download/make' won't work because ./src/backend.c has a header declaration of #include postgresql/libpq-fe.h instead of #include libpq-fe.h.

• Get an tgz version of libnss-pgsql at http://pgfoundry.org/projects/sysauth
• Extract libnss-pgsql at $HOME/download by executing this command:
  `# tar xvzf libnss-pgsql-x.x.x.tgz'
• Build libnss-pgsql by following the instruction found in $HOME/download/libnss-pgsql/README file. Suggested steps in building libnss-pgsql:
  `# $HOME/download/configure --libdir=/lib sysconfdir=/etc'
  `# $HOME/download/make'
  `# $HOME/download/make install'
  
• Create /etc/nss-pgsql.conf file and add these entries:
  connectionstring = host=127.0.0.1 dbname=sysauth-pgsql user=postgres
  getgroupmembersbygid =
  SELECT username
  FROM passwd_table WHERE gid = $1
  getpwnam =
  SELECT username, passwd, gecos, homedir, shell, uid, gid
  FROM passwd_table WHERE username = $1
  getpwuid =
  SELECT username, passwd, gecos, homedir, shell, uid, gid
  FROM passwd_table WHERE uid = $1
  allusers =
  SELECT username, passwd, gecos, homedir, shell, uid, gid
  FROM passwd_table
  getgrnam =
  SELECT groupname, passwd, gid FROM group_table WHERE groupname = $1
  getgrgid =
  SELECT groupname, passwd, gid FROM group_table WHERE gid = $1
  groups_dyn =
  SELECT ug.gid
  FROM passwd_table JOIN usergroups USING (uid)
  WHERE username = $1 and ug.gid <> $2
  allgroups =
  SELECT groupname, passwd, gid FROM group_table
  
• Edit /etc/nssswitch.conf file and add these entries:
  passwd: files pgsql
  group: files pgsql
  

Prepare database

• To create a new database, execute this command:
  `$ su -l postgres -c "createdb system-pgsql"'
  
  The following is the sql schema used by pam_pgsql and libnss-pgsql modules.
  CREATE SEQUENCE group_id MINVALUE 1000 MAXVALUE 2147483647 NO CYCLE;
  CREATE SEQUENCE user_id MINVALUE 1000 MAXVALUE 2147483647 NO CYCLE;
  CREATE TABLE "group_table" (
     "gid" int4 NOT NULL DEFAULT nextval('group_id'),
     "groupname" character varying(16) NOT NULL,
     "descr" character varying,
     "passwd" character varying(20),
     PRIMARY KEY ("gid")
  );
  CREATE TABLE "passwd_table" (
     "username" character varying(64) NOT NULL,
     "passwd" character varying(128) NOT NULL,
     "uid" int4 NOT NULL DEFAULT nextval('user_id'),
     "gid" int4 NOT NULL,
     "gecos" character varying(128),
     "homedir" character varying(256) NOT NULL,
     "shell" character varying DEFAULT '/bin/bash' NOT NULL,
     PRIMARY KEY ("uid")
  );
  CREATE TABLE "usergroups" (
     "gid" int4 NOT NULL,
     "uid" int4 NOT NULL,
     PRIMARY KEY ("gid", "uid"),
     CONSTRAINT "ug_gid_fkey" FOREIGN KEY ("gid") REFERENCES "group_table"("gid"),
     CONSTRAINT "ug_uid_fkey" FOREIGN KEY ("uid") REFERENCES "passwd_table"("uid")
  );
  CREATE TABLE "shadow_table" (
     "username" character varying(64) NOT NULL,
     "passwd" character varying(128) NOT NULL,
     "lastchange" int4 NOT NULL,
     "min" int4 NOT NULL,
     "max" int4 NOT NULL,
     "warn" int4 NOT NULL,
     "inact" int4 NOT NULL,
     "expire" int4 NOT NULL,
     "flag" int4 NOT NULL,
     PRIMARY KEY ("username")
  );
  

Install and configure Samba

• Get an rpm version of Samba at http://download.fedora.redhat.com/pub/fedora/linux
• Install Samba and its dependencies by executing this command:
  `# rpm -Uvh samba-x.x.x.rpm samba-common-x.x.x.rpm samba-client-x.x.x.rpm'
• Edit /etc/samba/smb.conf, and add these entries:
  [global]
  netbios name = NETBIOS_NAME
  workgroup = WORKGROUP
  server string = Samba PDC
  security = user
  hosts allow = 192.168.1.0/24
  log file = /var/log/samba/samba.log
  log level = 4
  max log size = 50
  encrypt passwords = no
  obey pam restrictions = yes
  local master = yes
  os level = 34
  domain master = yes
  preferred master = yes
  domain logons = yes
  logon script = logon.bat
  dns proxy = no
  [homes]
  comment = Home Directories
  browseable = no
  writable = yes
  guest ok = no
  [netlogon]
  comment = Network Logon Service
  path = /etc/samba/netlogon
  guest ok = yes
  writable = no
  share modes = no
  
• Create /etc/netlogon/logon.bat file and add this entry:
  net use F: /home
• Fire up Samba by executing this command:
  # /etc/rc.d/init.d/smb start
  
  To include Samba during system initialization, execute this:
  # /sbin/chkconfig --level 35 smb on