[Samba] MacOS and Linux file sharing: full AD or simple server?

Valentijn Sessink v.sessink at openoffice.nl
Mon Nov 25 16:06:18 UTC 2024


Hi list,

Question: what are pros and cons for the following setups:
- current setup: using OpenLDAP for users, Samba for file sharing
- Using Samba for both (do I *need* it to be an AD? Or is it possible to 
just use the LDAP infrastructure without the AD stuff?)
- Using a passwd/shadow infrastructure and just use Samba for file sharing.

Background:
I'm currently running Samba (4.15.13) with a separate LDAP daemon 
(OpenLDAP) for a small network that consists of MacOS and Linux clients. 
The setup has been running, with several upgrades, since about 2007 or 
so, hence the separate Samba/OpenLDAP setup. There are about 15 active 
users. (It's OpenLDAP running on the same server, hence the "daemon" 
terminology - it's not a separate server machine).

An excerpt from my current smb.conf file:
   workgroup = customername
   passdb backend  = ldapsam:ldap://127.0.0.1/
   ldap admin dn   = cn=admin,dc=office,dc=customername,dc=nl
   ldap ssl        = off
   ldap suffix     = dc=office,dc=customername,dc=nl
   ldap user suffix        = ou=Users
   ldap group suffix       = ou=Groups
   ldap machine suffix     = ou=Computers
   unix extensions = yes
   security = user
   ldap password sync = yes

Now I'm planning to upgrade the network and services.

As there won't be any Windows machines, all the AD funny stuff (group 
policies and whatnot) is superfluous.

However, I do need a user database.

Now I'm not sure how to proceed. Should I just migrate OpenLDAP and its 
DB, migrate Samba too, and call it a day? Or is there any advantage in 
starting to use the AD backend of Samba to store the LDAP stuff? The 
disadvantage I'm seeing is that AD is primarily a Microsoft thing and I 
don't have any of the MS tooling (adding users, etc.) without a 
Microsoft OS.

I could also stop using OpenLDAP and just set up local users. Would work, 
too.

As a side note: I *do* have some weird problems where smbstatus will 
show "auth in progress" and freeze, once in a while (see mailing list 
message 2021-12-29 13:50), to which a few users mentioned that running a 
separate OpenLDAP was rather uncommon... :-/ - although I'm afraid my 
setup will still be rather uncommon after switching to a full AD without 
any Windows machines connecting to it.

Best regards,

Valentijn


