[Samba] design question for small environment
Rowland Penny
rpenny at samba.org
Mon Sep 10 11:13:45 UTC 2018
On Mon, 10 Sep 2018 12:57:17 +0200
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
> On 10.09.18 at 10:06, Oliver Rath via samba wrote:
>
> > For this, you could take roaming profiles for offline use. Here the
> > files were copied to the local machine cache and used, if no (or
> > only a slow) network connection is available. Alternatively, you
> > could use a "RODC" (Read only Domain Controller, a mirror of the
> > AD) locally in the other office. As a third solution, you could
> > use the RODC only for authorization, not for file server services,
> > but normally a slow connection in the desert should be sufficient
> > for authorization purposes.
>
> I am not sure if I understand completely or if I described the
> requirements accordingly.
>
> The department uses Thin Clients to access (a) the company
> networks/servers and (b) its own protected LAN (behind a firewall run
> by me) with some specific servers and VMs.
>
> So the thinclients are primarily domain members in the domain
> "BigFatCompany" and would have to be members in the domain
> "ProtectedServers" as well.
>
That does change things; it sounded like you were running a small
workgroup, not an adjunct to a domain.

If you don't want passwords stored anywhere, or floating about the LAN,
then you need to join the two standalone servers to the domain,
probably one as a DC or RODC and then only allow access to the
shares from the thinclients via ACLs.
Rowland