On Thu, 2021-07-01 at 09:48 +0100, Rowland Penny via samba
wrote:> > If all the users in all the machines accessing the share in your
> > network
> > share the the same UID namespace without conflicts, then in that
> > case
> > you could use idsfromsid I think. With it, any *new* file created
> > by
> > user bob will show up on the share as owned by a special SID that
> > contains the UID. And only files created with that mount options
> > should
> > be listed back with bob uid.
> >
> > That being said, if you have the same uid namespace on all machines
> > for
> > user bob, that means you already have some sort of centralized
> > identication server similar to AD and are using winbind or sssd.
>
> That's the problem, he isn't, he is running Samba as a standalone
> server, it would be a lot easier if he was running Samba as a Unix
> domain member.
>
> Rowland
Not using a domain is a preference based on a hope to achieve the
stated behavior as simply as possible. All else being equal, two nodes
is simpler than two nodes plus a domain server. Both hardware and
administrative resources are scarce. I had hoped that the coordination
of users and permissions might be accomplished between two nodes using
only what is already provided by these nodes. Certainly, support for
such a case would be a very helpful feature. A domain by definition is
most relevant when the number of other nodes exceeds two, so it is not
optimal to face the requirement to create a domain just to add
capabilities to the way two nodes interact.
I am not opposed categorically to a domain server, but as the resources
to provision and to maintain any configuration is minimal, and as most
information on the topic of domain servers is targeted at
administrators managing full-scale commercial or institutional
deployments, I am wondering what information or references participants
on this list might offer to help me understand how to achieve this
result as efficiently as possible.
Available nodes are limited to the Synology device, which has some
support for domain servers through add-on packages, and any virtual
machines I may create on the same device. In fact, the "server" I
earlier mentioned is actually a virtual machine on the Synology device.
I had omitted this detail because it is doubtful that it would affect
any answer given so far.
To summarize, I think the following would be most helpful, at this
stage:
1. Any concise resources explaining how to create a basic configuration
of a domain server on the Synology device, for the stated use case,
assuming minimal knowledge on the subject.
2. A concrete example of the simplest mount command expected to satisfy
the case.