[Samba] design question for small environment

Rowland Penny rpenny at samba.org
Mon Sep 10 09:12:31 UTC 2018


On Mon, 10 Sep 2018 08:35:38 +0200
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:

> 
> Greetings samba-users
> 
> another "design issue" here
> 
> I run 2 servers in a very closed environment, basically it is only
> one fileserver, the 2nd does snapshots and backups etc
> 
> That server is configured as standalone and knows only ~6 local
> users. No ADS, no domain membership.
> 
> Think of a separated department in a company which has to be as 
> disconnected from the company's IT as possible.
> 
> The users there wrote themselves a batch-script that connects their 
> network shares, it contains cleartext passwords ... bad
> 
> Now they had a security audit and we should get rid of that batch
> file, sure.
> 
> I consider setting up an ADC for that one server overkill. And I
> wonder where they would keep their passwords then, it wouldn't change
> that.
> 
> And connecting to the company's AD isn't wanted because that would
> allow the "upstream IT" access to the protected server.
> 
> How do other admins solve that?
> I'd appreciate any clever suggestions or examples.
> 
> greets, Stefan
> 

Hi Stefan, I would set up a small AD domain, one DC, and turn the two
original servers into Unix domain members and then use Kerberos.

I cannot think of any other way of not using passwords.

Rowland
