Re: [Samba] design question for small environment

On Mon, 10 Sep 2018 12:57:17 +0200
"Stefan G. Weichinger via samba" <samba@xxxxxxxxxxxxxxx> wrote:

> On 10.09.18 at 10:06, Oliver Rath via samba wrote:
> > For this, you could take roaming profiles for offline use. Here the
> > files were copied to the local machine cache and used, if no (or
> > only a slow) network connection is available. Alternatively, you
> > could use a "RODC" (Read only Domain Controller, a mirror of the
> > AD) locally in the other office. As a third solution, you could
> > use the RODC only for authorization, not for file server services,
> > but normally a slow connection in the desert should be sufficient
> > for authorization purposes.
> I am not sure if I understand completely or if I described the 
> requirements accordingly.
> The department uses Thin Clients to access (a) the company 
> networks/servers and (b) its own protected LAN (behind a firewall run
> by me) with some specific servers and VMs.
> So the thinclients are primarily domain members in the domain 
> "BigFatCompany" and would have to be members in the domain 
> "ProtectedServers" as well.

That does change things, it sounded like you were running a small
workgroup, not an adjunct to a domain.

If you don't want passwords stored anywhere, or floating about the LAN,
then you need to join the two standalone servers to the domain,
probably one as a DC or RODC and then only allow access to the
shares from the thinclients via ACLs.


