[Samba] MacOS and Linux file sharing: full AD or simple server?
Valentijn Sessink
v.sessink at openoffice.nl
Mon Nov 25 16:06:18 UTC 2024
Hi list,
Question: what are pros and cons for the following setups:
- current setup: using OpenLDAP for users, Samba for file sharing
- Using Samba for both (do I *need* it to be an AD? Or is it possible to
just use the LDAP infrastructure without the AD stuff?)
- Using a passwd/shadow infrastructure and just use Samba for file sharing.
Background:
I'm currently running Samba (4.15.13) with a separate LDAP daemon
(OpenLDAP) for a small network that consists of MacOS and Linux clients.
The setup has been running, with several upgrades, since about 2007 or
so, hence the separate Samba/OpenLDAP setup. There are about 15 active
users. (It's OpenLDAP running on the same server, hence the "daemon"
terminology - it's not a separate server machine).
An excerpt from my current smb.conf file:
    workgroup = customername
    passdb backend = ldapsam:ldap://127.0.0.1/
    ldap admin dn = cn=admin,dc=office,dc=customername,dc=nl
    ldap ssl = off
    ldap suffix = dc=office,dc=customername,dc=nl
    ldap user suffix = ou=Users
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    unix extensions = yes
    security = user
    ldap password sync = yes
Now I'm planning to upgrade the network and services.
As there won't be any Windows machines, all the AD funny stuff (group
policies and whatnot) is superfluous.
However, I do need a user database.
Now I'm not sure how to proceed. Should I just migrate OpenLDAP and its
DB, migrate Samba too, and call it a day? Or is there any advantage to
starting to use the AD backend of Samba to store the LDAP stuff? The
disadvantage I'm seeing is that AD is primarily a Microsoft thing and I
don't have any of the MS tooling (adding users etc etc) without a
Microsoft OS.
I could also stop using OpenLDAP and just set up local users. Would work,
too.
As a side note: I *do* have some weird problems where smbstatus will
show "auth in progress" and freeze, once in a while (see mailing list
message 2021-12-29 13:50), to which a few users mentioned that running a
separate OpenLDAP was rather uncommon... :-/ - although I'm afraid my
setup will still be rather uncommon after switching to a full AD without
any Windows machines connecting to it.
Best regards,
Valentijn