[Samba] design question for small environment

Stefan G. Weichinger lists at xunil.at
Mon Sep 24 13:24:36 UTC 2018


On 10.09.18 at 13:13, Rowland Penny via samba wrote:
> On Mon, 10 Sep 2018 12:57:17 +0200
> "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
>
>> So the thinclients are primarily domain members in the domain
>> "BigFatCompany" and would have to be members in the domain
>> "ProtectedServers" as well.
>>
> 
> That does change things, it sounded like you were running a small
> workgroup, not an adjunct to a domain.
> 
> If you don't want passwords stored anywhere, or floating about the lan,
> then you need to join the two standalone servers to the domain,
> probably one as a DC or RODC and then only allow access to the
> shares from the thinclients via ACLs.


We now discuss this:

set up a new ADS-domain based on samba-4 (at first in a VM running on 
one of the 2 servers) and set up some trust relationship.

Our new small domain trusts the domain "BigFatCompany" and we limit 
access to the shares via smb.conf etc.

Might be more comfortable and integrated ... I will read more on this 
trusted domain stuff.


