[Samba] multiuser with simple user mapping

Eric Levy contact at ericlevy.name
Thu Jul 1 21:34:00 UTC 2021

On Thu, 2021-07-01 at 21:53 +0100, Rowland Penny via samba wrote:
> > Not using a domain is a preference based on a hope to achieve the
> > stated behavior as simply as possible. All else being equal, two
> > nodes is simpler than two nodes plus a domain server. Both hardware
> > and administrative resources are scarce. I had hoped that the
> > coordination of users and permissions might be accomplished between
> > two nodes using only what is already provided by these nodes.
> > Certainly, support for such a case would be a very helpful feature.
> > A domain by definition is most relevant when the number of other
> > nodes exceeds two, so it is not optimal to face the requirement to
> > create a domain just to add capabilities to the way two nodes
> > interact.
> > 
> > I am not opposed categorically to a domain server, but as the
> > resources to provision and to maintain any configuration are
> > minimal, and as most information on the topic of domain servers is
> > targeted at administrators managing full-scale commercial or
> > institutional deployments, I am wondering what information or
> > references participants on this list might offer to help me
> > understand how to achieve this result as efficiently as possible.
> > 
> > Available nodes are limited to the Synology device, which has some
> > support for domain servers through add-on packages, and any virtual
> > machines I may create on the same device. In fact, the "server" I
> > earlier mentioned is actually a virtual machine on the Synology
> > device. I had omitted this detail because it is doubtful that it
> > would affect any answer given so far.
> > 
> > To summarize, I think the following would be most helpful, at this
> > stage:
> >
> >    1. Any concise resources explaining how to create a basic
> >       configuration of a domain server on the Synology device, for
> >       the stated use case, assuming minimal knowledge on the subject.
> >    2. A concrete example of the simplest mount command expected to
> >       satisfy the case.
> > 
> > 
> A Samba standalone server is akin to a Windows PC that isn't a member
> of a domain, a group of such machines is usually described as a
> workgroup.
> For a workgroup to work, you need to create the same users and groups
> on all workgroup members, with preferably the same passwords. This is
> okay for a small number of computers, certainly no more than twenty,
> after that it gets out of hand, this is why domains were created. You
> say that there are only two computers involved, I find this hard to
> believe, surely there are going to be other client machines.
> I have never used a Synology device, but they have cropped up on this
> list from time to time, usually with problems similar to yours. I can
> only advise what I know works with standard Samba, unfortunately
> Synology does not seem to want you to alter the smb.conf file
> manually.
> Louis posted a link to Synology's source code on Sourceforge and if
> that link is the latest available (it is dated 2020-10-01) then it is
> using a very old version of Samba (4.4.16 to be precise) and I
> wouldn't use it. What does 'smbd -V' output?
> If the source code is to be believed, there are three extra
> directories, SynoBuildConf, synocache and synosmb, there are probably
> other changes.
> What are your clients running?
> Rowland

As you anticipate, other clients would access the shares as well, but
would do so according to a more familiar single-user per-session style
of mount. The server is a special case because it runs automatic tasks
and supports multiple concurrent logins, giving rise to the requirement
that files from the mount are available at all times, beginning
immediately after boot, and appear locally according to the same
permissions as though the same users were running tasks directly on the
storage device. Thus, the occurrence of these clients has seemed to me
incidental, and unlikely to change any answer that would be given in
this discussion. All clients are running Linux, but from time to time
Windows clients may also access the shares.

Currently, I have users on the Linux server and the Synology storage
device with the same user names and passwords. However, your comments
about the relevance of the workgroup confuse me, because mounting a
share through Samba involves providing a host name and share name, but
not a workgroup. Perhaps you might clarify how the mount would
participate, in any sense, in the workgroup, rather than simply being a
connection between two network endpoints.

Synology attempts to restrict modifications of smb.conf, but does
provide a graphical interface for control over some of the options.
Synology also provides an add-on package to allow the device to act as
a domain server.

The smbd version is reported as follows:

Version 4.10.18
Synology Build 41858, May  4 2021 12:54:26
