AbsolutIggy (Dabbler) - Joined Feb 29, 2020 - Messages: 31
Hi,
I'm looking for help & tips in choosing what "identity management" pathway to go down. At the moment, we have nothing. Being the one who has to take care of these things, but this not being my main job, means that I have an interest in something which works and is not overkill - i.e. more work to admin than necessary. I am definitely not an expert in the field, and I'm finding it hard to find the information I need to make a choice.
Our organisation is distributed in the sense that there is not one office, one company name, or even one domain name in common for everybody. Several users are only part-time members of our organisation, and have others as well. (There are partners operating under different names, with one parent, and external consultants). The total number of users is quite low, below 50.
We have several services which are run by the organisation - for various things like e-mail, file sharing, and web-based tools as well as connectivity (VPN).
Because of the way we are organised, a classical "domain" doesn't feel quite right. We can't always integrate all devices fully, so at least we can't take full advantage of a "Domain Controller" - and right now, setting security policies for each PC, sharing printers and setting startup scripts is not the main priority.
I want a system where a user can log in to all services with the same username and password. I've tested an OpenLDAP server, and some of the web services seem to be very straightforward to integrate there.
When it comes to file sharing, it's a bit more complicated - and that's where TrueNAS comes in. We use TrueNAS for file storage, and since most client computers (although not all) are Windows-based, this means sharing with the SMB protocol.
Getting users into a test TrueNAS system from the LDAP server was straightforward - SSH auth worked, no problem. Once I added the Samba LDIF file from the Samba package, I was able to access the SMB shares using the usernames configured in the OpenLDAP server.
The documentation/GUI are a bit unclear about the use of "Samba Schema", as are various sources on the internet - OpenLDAP should no longer be used as a backend for the Samba DC is my takeaway, but not quite what the alternative is.
The questions I have remaining are:
- What is in the future for using LDAP for SMB authentication? As explained, I do not really want a DC.
- Is the "Samba schema" really being deprecated for LDAP access? Is this because of its support in the SMB client software?
- Are there any other recommendations on software to use instead of OpenLDAP? I am open to testing anything else (it should be open source).
- Does anyone have any useful tips from a similar setup?
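The post describes the difference between getting SSH logins working against OpenLDAP (a plain posixAccount is enough) and getting SMB logins working (which needs the Samba schema's sambaSamAccount class with sambaSID and sambaNTPassword on each user). The script below is an added example, not part of the original post or of TrueNAS/Samba: it parses a constructed LDIF export and reports which accounts Samba's LDAP passdb could actually use, which are SSH-only, and whether all sambaSID values share one domain prefix (Samba only maps SIDs under its own domain SID). The DNs, SIDs and the hex hash are constructed placeholders. One caveat the report makes visible: sambaNTPassword is an unsalted NT hash that is password-equivalent for SMB, so the OpenLDAP access control should let only the directory manager and the bind DN Samba uses read it.

```python
"""Audit an OpenLDAP LDIF export for SMB readiness of user accounts.

Added example (not the forum post's or TrueNAS's code). The LDIF below is a
constructed sample: alice is SSH-only, bob is fully SMB-capable, carol has the
Samba object class but no NT hash, and staff is a group entry to be skipped.
"""
import base64
import re
from typing import Dict, List, Set

SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
uid: alice
uidNumber: 10001
gidNumber: 10001

dn: uid=bob,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
uid: bob
uidNumber: 10002
gidNumber: 10002
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-21004
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF

dn: uid=carol,ou=people,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: carol
uidNumber: 10003
gidNumber: 10003
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-21006

dn: cn=staff,ou=groups,dc=example,dc=org
objectClass: posixGroup
cn: staff
gidNumber: 10001
"""

# Attributes Samba's LDAP passdb needs on a sambaSamAccount for NTLM-style
# SMB authentication (attribute names are compared case-insensitively).
REQUIRED_SMB_ATTRS = ("sambasid", "sambantpassword")


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Minimal LDIF parser: entries separated by blank lines, folded lines
    (leading space) re-joined, '#' comments skipped, 'attr:: ...' base64
    decoded. Attribute names are lower-cased, matching LDAP's own rules."""
    entries: List[Dict[str, List[str]]] = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines: List[str] = []
        for raw in block.splitlines():
            if raw.startswith("#"):
                continue
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]  # continuation of the previous line
            else:
                lines.append(raw)
        entry: Dict[str, List[str]] = {}
        for line in lines:
            if not line.strip():
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            entry.setdefault(name.strip().lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries


def audit_smb_readiness(entries: List[Dict[str, List[str]]]) -> Dict[str, str]:
    """Classify every posixAccount as 'ssh-only' (no sambaSamAccount class),
    'smb-ready', or 'smb-incomplete: <missing attrs>'."""
    report: Dict[str, str] = {}
    for entry in entries:
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if "posixaccount" not in classes:
            continue  # groups and other entries are not login accounts
        uid = entry["uid"][0]
        if "sambasamaccount" not in classes:
            report[uid] = "ssh-only"
            continue
        missing = [a for a in REQUIRED_SMB_ATTRS if a not in entry]
        report[uid] = "smb-ready" if not missing else "smb-incomplete: " + ",".join(missing)
    return report


def domain_sids(entries: List[Dict[str, List[str]]]) -> Set[str]:
    """Domain part (everything before the last '-') of each sambaSID seen.
    More than one prefix means accounts were populated for different domains,
    and Samba will not map the ones outside its own domain SID."""
    return {sid.rsplit("-", 1)[0] for e in entries for sid in e.get("sambasid", [])}


if __name__ == "__main__":
    parsed = parse_ldif(SAMPLE_LDIF)
    for user, status in audit_smb_readiness(parsed).items():
        print(f"{user:10s} {status}")
    print("domain SID prefixes:", domain_sids(parsed))
```

Run against a real export (`ldapsearch -LLL` output saved to a file) by replacing SAMPLE_LDIF with the file contents; the `smb-incomplete` rows are the users who will authenticate over SSH but get access denied on the TrueNAS SMB share.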