[Samba] design question for small environment
Rowland Penny
rpenny at samba.org
Mon Sep 10 09:12:31 UTC 2018
On Mon, 10 Sep 2018 08:35:38 +0200
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
>
> Greetings samba-users
>
> another "design issue" here
>
> I run 2 servers in a very closed environment, basically it is only
> one fileserver, the 2nd does snapshots and backups etc
>
> That server is configured as standalone and knows only ~6 local
> users. No ADS, no domain membership.
>
> Think of a separated department in a company which has to be as
> disconnected from the company's IT as possible.
>
> The users there wrote themselves a batch-script that connects their
> network shares, it contains cleartext passwords ... bad
>
> Now they had a security audit and we should get rid of that batch
> file, sure.
>
> I consider setting up an ADC for that one server overkill. And I
> wonder where they would keep their passwords then, it wouldn't change
> that.
>
> And connecting to the company's AD isn't wanted because that would
> allow the "upstream IT" access to the protected server.
>
> How do other admins solve that?
> I'd appreciate any clever suggestions or examples.
>
> greets, Stefan
>
Hi Stefan, I would set up a small AD domain, one DC, and turn the two
original servers into Unix domain members and then use Kerberos.
I cannot think of any other way of not using passwords.
Rowland
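
The audit finding in the quoted message, a share-mapping batch file with cleartext passwords, can be checked for across scripts before and after a move to Kerberos. The following is an added example, not code from either poster: `find_inline_passwords` is a hypothetical helper, and the sample script, the host name `fs1` and the user names are constructed.

```python
import re
import shlex

NET_USE = re.compile(r'\bnet(?:\.exe)?\s+use\b(.*)$', re.IGNORECASE)
COMMENT = re.compile(r'^\s*@?\s*(?:rem\b|::)', re.IGNORECASE)
VARIABLE = re.compile(r'%\w+%|%\d')   # %PW% or %1: not a literal secret

def find_inline_passwords(script_text):
    """Return (line_no, share, user) for each `net use` with a literal password.

    The password itself is never returned, so the report is safe to store.
    """
    findings = []
    for line_no, line in enumerate(script_text.splitlines(), 1):
        m = None if COMMENT.match(line) else NET_USE.search(line)
        if not m:
            continue
        try:
            tokens = shlex.split(m.group(1), posix=False)  # keeps backslashes
        except ValueError:               # unbalanced quote: split on spaces
            tokens = m.group(1).split()
        share = user = None
        literal = False
        for tok in tokens:
            bare = tok.strip('"')
            if bare.lower().startswith('/user:'):
                user = bare[6:]
            elif bare.startswith('/'):
                continue                 # other switch, e.g. /persistent:no
            elif bare.startswith('\\\\'):
                share = bare
            elif share and bare != '*' and not VARIABLE.fullmatch(bare):
                literal = True           # positional token after the UNC path
        if literal:
            findings.append((line_no, share, user))
    return findings

# Constructed sample, not the script from the thread.
SAMPLE = r"""@echo off
rem map department shares
net use S: \\fs1\dept Secr3t! /user:alice /persistent:no
net use T: \\fs1\scans * /user:alice
net use U: "\\fs1\my docs" /user:bob "pass word"
net use V: \\fs1\public
net use W: \\fs1\x %PW% /user:carol
"""

if __name__ == "__main__":
    for line_no, share, user in find_inline_passwords(SAMPLE):
        print(f"line {line_no}: literal password for {user} on {share}")
```

Lines that use `*` (prompt), a variable, or no credential at all are not reported; a mapping with no password argument is what a Kerberos-authenticated session would use.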