[Samba] design question for small environment
Stefan G. Weichinger
lists at xunil.at
Mon Sep 24 13:24:36 UTC 2018
Am 10.09.18 um 13:13 schrieb Rowland Penny via samba:
> On Mon, 10 Sep 2018 12:57:17 +0200
> "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote: >> So the thinclients are primarily domain members in the domain
>> "BigFatCompany" and would have to be members in the domain
>> "ProtectedServers" as well.
> That does change things, it sounded like you were running a small
> workgroup, not an adjunct to a domain.
> If you don't want passwords stored anywhere, or floating about the lan,
> then you need to join the two standalone servers to the domain,
> probably one as a DC or RODC and then only allow access to the
> shares from the thinclients via ACLs.
We now discuss this:
set up a new ADS-domain based on samba-4 (at first in a VM running on
one of the 2 servers) and set up some trust relationship.
Our new small domain trusts the domain "BigFatCompany" and we limit
access to the shares via smb.conf etc
Might be more comfortable and integrated ... I will read more on these
trusted domain stuff.
More information about the samba