Directory services over plain Samba

Status
Not open for further replies.
larynx

larynx

Dabbler
Joined
Jul 8, 2014
Messages
28
I currently have a box running FreeNAS 9.10, the box is being used as a file server only with files served using Samba to less than 10 workstations in a Windows-only (7,8,10) space.

I was wondering if it would be worth enabling any sort of directory services on the box with either Active Directory or OpenLDP (or something else) so the box can be used for user authentication instead of the local accounts the workstations have at the moment. I've seen plenty of posts about directory services (AD specifically) not functioning correctly or periodically stopping on FreeNAS and I was wondering if it's worth the hassle.

Thank you
 
M

mattbbpl

Patron
Joined
May 30, 2015
Messages
237
Active Directory can be a pain for the novice.

Do you have reason to block access? If not, I'd just avoid it.

Heck, even if you're concerned about guests accessing it, it would probably be simpler to set up the guest network on your router to segregate that traffic from your personal traffic (which I would recommend anyway, for various reasons).
 
larynx

larynx

Dabbler
Joined
Jul 8, 2014
Messages
28
The only thing I need to worry about is authenticated users on the network accessing files they don't have permissions to read/write. Right now it's being taken care of by Samba but I wondering if there would be an advantage to using directory services for that
 
Ericloewe

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
Only if you have a lot of users.
 
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
I'd say around 20-30 users is where I'd start seriously looking into AD. You don't need AD to secure a samba server.

With your size, an easier time-saver would be (if you have relatively standardized hardware) to

1) create a clean windows install with all required applications, local group policies set up, and local admin accounts.

2) use sysprep to put it in a generalized state

3) image the disk using clonezilla or a similar tool.

4) reimage computers liberally

These items will get you a lot of the security benefits of a more complex windows environment, and knock a few of the SANs top 20 off the to-do list.Just make sure your images work.

I'd write more, but typing on a mobile phone is too annoying.
 
Last edited:
Status
Not open for further replies.

Similar threads

R
  • Locked
Multi OS/Protocol filer(authentication with shares)
Replies
2
Views
1K
RegularJoe
R
L
  • Locked
Unable to enable multiple directory services concurrently
Replies
1
Views
953
dlavigne
D
jgreco
  • Locked
Samba 4 as an Active Directory PDC
Replies
4
Views
5K
jgreco
jgreco
H
  • Locked
Directory Services not starting in 9.2.1.5
Replies
5
Views
7K
mauirixxx
mauirixxx
D
  • Locked
FreeNAS 9.1 - Windows 2008 R2 issues after enabling AD integration
Replies
14
Views
15K
TheSmoker
TheSmoker
Top