[Samba] design question for small environment
rpenny at samba.org
Mon Sep 10 09:12:31 UTC 2018
On Mon, 10 Sep 2018 08:35:38 +0200
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
> Greetings samba-users
> another "design issue" here
> I run 2 servers in a very closed environment, basically it is only
> one fileserver, the 2nd does snapshots and backups etc
> That server is configured as standalone and knows only ~6 local
> users. No ADS, no domain membership.
> Think of a separated department in a company which has to be as
> disconnected from the company's IT as possible.
> The users there wrote themselves a batch-script that connects their
> network shares, it contains cleartext passwords ... bad
> Now they had a security audit and we should get rid of that batch
> file, sure.
> I consider setting up an ADC for that one server overkill. And I
> wonder where they would keep their passwords then, it wouldn't change
> And connecting to the company's AD isn't wanted because that would
> allow the "upstream IT" access to the protected server.
> How do other admins solve that?
> I'd appreciate any clever suggestions or examples.
> greets, Stefan
Hi Stefan, I would set up a small AD domain, one DC, and turn the two
original servers into Unix domain members and then use kerberos.
I cannot think of any other way of not using passwords.
More information about the samba