Re: [Samba] File server questions
- Date: Wed, 30 Aug 2017 17:33:53 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] File server questions
On Wed, 30 Aug 2017 12:54:10 -0300
Flávio Silveira via samba <samba@xxxxxxxxxxxxxxx> wrote:
> > How many users/computers do you have ?
> About 30 users/computers, a bit less
One DC should cope with that
> > If it is only a small number, then (whatever Andrew says) you can
> > use a Samba AD DC as a fileserver as well (it better be, Clearos
> > use it as a DC and fileserver).
> > It is better to use more than one DC with separate fileservers, but
> > sometimes you have to make do with what you have ;-)
> Indeed, in my case I only have poor PC hardware for now, maybe in the
> future I will get better hardware with lots of processing power, so I
> can have more VMs and then separate them.
As I said, sometimes you have to make do with what you have.
> > The problem with setting up a standalone server is that you will
> > need to create any users and groups, that will connect from
> > windows, on the standalone server, this gives you multiple places
> > to admin users and groups. Workgroups do not scale well, especially
> > if users move about from computer to computer, this is the reason
> > behind domains.
> When you say "multiple places to admin users and groups", what do you
> mean? If I have only one standalone server, wouldn't it be the only
> place to admin them?
OK, I will try to explain this:
If your users move from computer to computer, they will need to to be
created on ALL computers they will actually use, the same goes for
groups. You are now saying, lets create a standalone fileserver, all
your users and groups will need to be created on the fileserver, both
as Unix users & groups and as Samba users & groups. If that wasn't bad
enough, Whilst the user could have different password on each computer
they log into, this would only allow them to log into that computer, if
they tried to connect to another computer they can log into, they would
be denied because they use a different password on that computer. You
wouldn't want that, so you make them use the same password everywhere,
with me so far ?
Now, a user decides to change their password (or you make them), this
means they have to go to every computer (including your fileserver) and
change the password.
Compare this with an AD domain, all the user information is stored in
AD and so there is only place to change the password, only one place to
create users, you can disable users everywhere by disabling them in
just one place, you can use GPOs I could go on, but I think you get the
point (or at least I hope you do), using AD is just so much easier ;-)
To unsubscribe from this list go to the following URL and read the