Re: [Samba] design question for small environment
- Date: Mon, 10 Sep 2018 10:12:31 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] design question for small environment
On Mon, 10 Sep 2018 08:35:38 +0200
"Stefan G. Weichinger via samba" <samba@xxxxxxxxxxxxxxx> wrote:
> Greetings samba-users
> another "design issue" here
> I run 2 servers in a very closed environment, basically it is only
> one fileserver, the 2nd does snapshots and backups etc
> That server is configured as standalone and knows only ~6 local
> users. No ADS, no domain membership.
> Think of a separated department in a company which has to be as
> disconnected from the company's IT as possible.
> The users there wrote themselves a batch-script that connects their
> network shares, it contains cleartext passwords ... bad
> Now they had a security audit and we should get rid of that batch
> file, sure.
> I consider setting up an ADC for that one server overkill. And I
> wonder where they would keep their passwords then, it wouldn't change
> And connecting to the company's AD isn't wanted because that would
> allow the "upstream IT" access to the protected server.
> How do other admins solve that?
> I'd appreciate any clever suggestions or examples.
> greets, Stefan
Hi Stefan, I would set up a small AD domain, one DC, and turn the two
original servers into Unix domain members and then use kerberos.
I cannot think of any other way of not using passwords.
To unsubscribe from this list go to the following URL and read the