Gentoo Wiki


This article is part of the HOWTO series.
Installation Kernel & Hardware Networks Portage Software System X Server Gaming Non-x86 Emulators Misc

Please improve it in any way that you see fit, and remove this notice {{Cleanup}} from the article. For tips on cleaning and formatting see Cleanup process



This page is still a work in progress. This document is intended to aid in the installation of a Samba setup that authenticates via MySQL database.

What do I emerge?

The use flag you should be looking for is +mysql on the samba package (This only apply to Samba prior to 3.0.23, for next ebuilds mysql USE flag was removed).

Code: #emerge -av mysql samba

These are the packages that I would merge, in order:

Calculating dependencies ...done!
[ebuild  N    ] dev-db/mysql-4.1.14  +berkdb -big-tables -cluster -debug -doc -extraengine -geometry -minimal +perl +readline (-selinux) +ssl -static +tcpd -utf8 0 kB 
[ebuild  N    ] perl-core/Storable-2.13  131 kB 
[ebuild  N    ] dev-perl/Net-Daemon-0.38  30 kB 
[ebuild  N    ] dev-perl/PlRPC-0.2016-r1  17 kB 
[ebuild  N    ] dev-perl/DBI-1.46  363 kB 
[ebuild  N    ] dev-perl/DBD-mysql-2.9007  114 kB 
[ebuild   N   ] net-fs/samba-3.0.14a-r2  -acl +cups -doc -examples -kerberos -ldap -libclamav +mysql* -oav -pam -postgres +python -quotas +readline (-selinux) -winbind -xml +xml2 0 kB 

Total size of downloads: 668 kB

Do you want me to merge these packages? [Yes/No]

Be sure to run etc-update after the programs are installed.

Configuring MySQL

MySQL will need to be initially set up. See HOWTO_MySQL for more information on installing MySQL.

Code: #mysql_install_db
Installing all prepared tables
Fill help tables

To start mysqld at boot time you have to copy support-files/mysql.server
to the right place for your system

To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h plum password 'new-password'
See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with the benchmarks in the 'sql-bench' directory:
cd sql-bench ; perl run-all-tests

Please report any problems with the /usr/bin/mysqlbug script!

The latest information about MySQL is available on the web at
Support MySQL by buying support/licenses at

You should also then run /etc/init.d/mysql start:

Code: #/etc/init.d/mysql start
 * Starting mysqld (/etc/mysql/my.cnf) ...                                [ ok ]

Below is the database schema you will need. The password encryption is done via MySQL's ENCRYPT function. insert the following SQL:


USE samba_auth;

        logon_time int(9),
        logoff_time int(9),
        kickoff_time int(9),
        pass_last_set_time int(9),
        pass_can_change_time int(9),
        pass_must_change_time int(9),
        username varchar(255),
        domain varchar(255),
        nt_username varchar(255),
        nt_fullname varchar(255),
        home_dir varchar(255),
        dir_drive varchar(4),
        logon_script varchar(255),
        profile_path varchar(255),
        acct_desc varchar(255),
        workstations varchar(255),
        unknown_str varchar(255),
        munged_dial varchar(255),
        uid int(9) NOT NULL PRIMARY KEY auto_increment,
        gid int(9),
        user_sid varchar(255),
        group_sid varchar(255),
        lm_pw varchar(255),
        nt_pw varchar(255),
        acct_ctrl int(9),
        unknown_3 int(9),
        logon_divs int(9),
        hours_len int(9),
        unknown_5 int(9),
        unknown_6 int(9) default "1260",
        bad_password_count int(9),
        logon_count int(9),
        logon_hours varchar(255)

Configure Samba

Your /etc/samba/smb.conf file should be edited to look something like the following.

        passdb backend = mysql:foo

        foo:domain column = 'LOCALDOMAIN':
        server string = samba file services at WORKGROUP-NAME
        security = USER
        encrypt passwords = No
        update encrypted = No
        allow trusted domains = Yes
        min password length = 6
        null passwords = No
        foo:mysql host = localhost # can be changed to remote host
        foo:mysql password = sambapass
        foo:mysql user = samba
        foo:mysql database = samba_auth
        foo:mysql port = 3306
        foo:table = user
        revalidate = No
        writeable = Yes

        path = /www
        valid users = penguin
        force group = http
        writeable = Yes

        path = /samba/public
        valid users = penguin
        writeable = Yes
        guest ok = No

In some cases, for whatever reason, 'encrypt passwords' must be set to yes in order to allow the connection. If it is not, the error NT_STATUS_LOGON_FAILURE may be encountered.

Adding Users

With MySQL and Samba running, execute:
root# adduser penguin
root# pdbedit -a penguin
new password: somepassword
retype new password: somepassword

'penguin' is the username to be created with the password 'somepassword'


Make sure MySQL and Samba are running. If Samba was running before restart it. Create a unix user called "penguin" and login to that account. Use smbclient to test by doing the following.

Code: Test using smbclient
# smbclient \\\\localhost\\penguin

smbclient will then ask for a password, use 'secretpw', or whatever you made the password, then see if it works. You should be able to do an 'ls', 'mkdir', or 'cd' when you are in smbclient. You should also test this out on a Windows machine to make sure it works. If you aren't using Windows NT or 2000 make sure you 'log-in' to the machine as 'penguin'.


Retrieved from ""

Last modified: Sat, 20 Sep 2008 07:31:00 +0000 Hits: 21,052