[Samba] MacOS and Linux file sharing: full AD or simple server?
Rowland Penny
rpenny at samba.org
Tue Nov 26 09:52:55 UTC 2024
On Tue, 26 Nov 2024 10:20:51 +0100
Valentijn Sessink via samba <samba at lists.samba.org> wrote:
> Hi list, hi Rowland,
>
> Thanks for your answer. However, I'm not sure I understand it.
> Starting smbstatus on my current server, all clients show "SMB3_11"
> for protocol? Isn't that what you mean with "SMBv1" (aka CIFS aka
> NT1)?
No, SMB3_11 is SMBv3, CIFS is a much overused name, Microsoft only used
it for a very short time and then started to just call it SMB, Samba
always referred to SMBv1 as NT1 (complicated isn't it ;-) ).
>
> On 25-11-2024 17:45, Rowland Penny via samba wrote:
> > Valentijn Sessink via samba <samba at lists.samba.org> wrote:
> >> Question: what are pros and cons for the following setups:
> >> - current setup: using OpenLDAP for users, Samba for file sharing
> >> - Using Samba for both (do I *need* it to be an AD? Or is it
> >> possible to just use the LDAP infrastructure without the AD stuff?)
> >> - Using a passwd/shadow infrastructure and just use Samba for file
> >> sharing.
> [...]
> > Your major problem is that the old NT4-style domains (which is what
> > you appear to be running) rely on SMBv1 and this is now turned off
> > by default because it is very insecure.
>
> Do you mean that this is (somewhat) obsolete?
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server
> or is this still viable?
It is still viable, but only as a standalone server (mostly used by
home users), it can never be part of a domain, if you have a lot of
computers and require the same users on all or most of them, you need a
domain with central management, AD.
>
> [...]
> > You could probably upgrade your existing setup to AD, but for such a
> > small group of users, you are probably better off starting with a
> > new AD domain, this way you can leave all the old ways behind (such
> > as possibly having the same local users and domain users, IDs
> > starting at 1000, etc). The one thing I always say, forget most of
> > what you have
>
> OK, but I *do* want local users to have the same Unix IDs, because
> the server also serves e-mail. Is that even possible?
I didn't say you couldn't have local users (or if I did, I didn't mean
it in that way), you cannot have a local user called 'fred' in
/etc/passwd and in AD, but the local Unix can know the AD user 'fred'
rowland@devstation:~$ getent passwd rowland
rowland:*:11104:10513:Rowland Penny:/home/rowland:/bin/bash
rowland@devstation:~$ grep 'rowland' /etc/passwd
rowland@devstation:~$
As you can see, I am known to the system above, but I am not in
/etc/passwd.
>
> > learnt about NT4-style domains, AD is different and better.
>
> What is better about it?
Just about everything.
Rowland
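
The rule in the message above (the same name must not exist both in /etc/passwd and in AD) can be checked before a migration. The following is an added example, not part of the original message or of Samba. It assumes the AD user names have been saved one per line to a file, for instance from `wbinfo -u`, with the default `\` winbind separator. The function name, file names and sample accounts are constructed.

```shell
#!/bin/sh
# Added example: report account names present both in a passwd-format file
# and in a list of AD users. Input formats are assumptions (see lead-in).

# colliding_users PASSWD_FILE AD_USER_LIST
# Prints, sorted and one per line, every local login name that also appears
# in the AD list. AD account names compare case-insensitively, so both
# sides are lowercased before the comparison.
colliding_users() {
    awk -F: '
        # First file: AD users, one per line, optionally DOMAIN\user.
        NR == FNR {
            name = $0
            sub(/^.*\\/, "", name)        # drop a leading DOMAIN\ prefix
            if (name != "") ad[tolower(name)] = 1
            next
        }
        # Second file: passwd format, field 1 is the login name.
        /^[#+-]/ || $1 == "" { next }     # skip comments and compat entries
        tolower($1) in ad { print $1 }
    ' "$2" "$1" | sort
}

# Constructed sample data: "fred" exists locally and (as "Fred") in AD,
# "rowland" exists only in AD, which is the situation the message recommends.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
fred:x:1000:1000:Fred:/home/fred:/bin/bash
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
EOF
    cat > "$tmp/ad_users" <<'EOF'
SAMDOM\administrator
SAMDOM\Fred
SAMDOM\rowland
EOF
    colliding_users "$tmp/passwd" "$tmp/ad_users"
    rm -rf "$tmp"
}

demo
```

Any name it prints should be removed from /etc/passwd or renamed before the machine resolves AD users, so that `getent passwd` returns the AD entry as in the session above.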