2015-11-04 22:55 GMT+08:00 Rowland Penny <rowlandpenny241155 at gmail.com>:

> On 04/11/15 14:34, Roger Wu wrote:
>
>>
>> Doh! now you have raised more questions :-D
>>
>> First, the more users that you have, the harder it gets to
>> maintain them in a workgroup, about 8 users is the maximum from my
>> experience. Some of them will never use more than one machine, but
>> most will move from one machine to another and so they will have
>> to have login details on *all* machines they will log into. This
>> is where a domain comes in, you create the user in one place and
>> the user can then login everywhere.
>>
>> I don't really get it. Maybe I misinterpret what you said.
>> If our samba server works, users only want to access samba service using
>> their own PC,
>> that's what they need, they are not allowed to use others' PCs but their
>> own.
>>
>> And yes, users can move from one machine to another, that's how a domain
>> works,
>> but we don't need to provide samba service between Workstation,
>> only one way access from PCs to Workstations is needed for users.
>>
>> I am not worried about users limitation, it's just as I said that not so
>> many users need this service.
>> If so, I'll figure it out.
>>
>> Now we come to the new questions, will the Unix machines need to
>> be part of the domain ?
>>
>> What do you mean "to be part of the domain"?
>> We have unix/linux machines in each NIS domain, they are a part of their
>> domain.
>> Could you define your question more precisely?
>>
>> You mention that they are in different domains, do you mean
>> domains or do you mean workgroups?
>>
>> What I mean is NIS domain. We have three different domains, so I plan to
>> start up one samba server for each domain separately
>> As for workgroup, we only have one workgroup for windows, so it won't be
>> an issue.
>>
>> Are any machines in a windows domain already?
>>
>> No.
>>
>> Finally, if you cannot set up a new domain, do your users need to
>> own files on your samba server or do they just need to read &
>> store files on the samba server.
>>
>> Rowland
>>
>> They just need to read & store files on the samba server.
>>
>> Regards,
>> Roger
>>
> OK, from what you have posted, you have Unix & windows workstations and
> they are in groups. You will probably be better off creating a new AD domain
> with a number of sites, you can use the DCs to authenticate all the users &
> groups and if push comes to shove, use the DCs as fileservers. Your users
> would log into their workstation (either windows or Unix) and have all
> their data to hand, the windows users would use the standard AD
> capabilities and the Unix users would use the RFC2307 attributes that are
> built into a Samba AD as standard.
>
> What this will give you is centralisation of user & group maintenance, your
> users' info will exist in just one place, you only need to add a user once,
> you can do it without leaving your chair, unlike a WORKGROUP, where you
> will have to visit *every* workstation or server that a user will connect
> to. I have been there, done that and my workgroup was scattered over three
> counties! It isn't easy.
>
> Rowland
>

Geez! It's too deep for me to understand.
I did achieve what I want with old samba version only doing some simple
settings,
I tried to reduplicate the result using new samba version but it failed.
I didn't expect it comes to this way you mentioned, it seems more
complicated.

We do have an AD for PC windows workgroup. Why should I need to create a
new AD?

Would you please give me an example or show me how to set up samba as you
said?

I have no experience creating an AD domain and DCs.

Roger

> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
On 04/11/15 15:38, Roger Wu wrote:
>
> 2015-11-04 22:55 GMT+08:00 Rowland Penny <rowlandpenny241155 at gmail.com
> <mailto:rowlandpenny241155 at gmail.com>>:
>
>     On 04/11/15 14:34, Roger Wu wrote:
>
>         Doh! now you have raised more questions :-D
>
>         First, the more users that you have, the harder it gets to
>         maintain them in a workgroup, about 8 users is the maximum
>         from my experience. Some of them will never use more than one
>         machine, but most will move from one machine to another and so
>         they will have to have login details on *all* machines they
>         will log into. This is where a domain comes in, you create the
>         user in one place and the user can then login everywhere.
>
>         I don't really get it. Maybe I misinterpret what you said.
>         If our samba server works, users only want to access samba
>         service using their own PC,
>         that's what they need, they are not allowed to use others' PCs
>         but their own.
>
>         And yes, users can move from one machine to another, that's
>         how a domain works,
>         but we don't need to provide samba service between Workstation,
>         only one way access from PCs to Workstations is needed for users.
>
>         I am not worried about users limitation, it's just as I said
>         that not so many users need this service.
>         If so, I'll figure it out.
>
>         Now we come to the new questions, will the Unix machines
>         need to be part of the domain ?
>
>         What do you mean "to be part of the domain"?
>         We have unix/linux machines in each NIS domain, they are a
>         part of their domain.
>         Could you define your question more precisely?
>
>         You mention that they are in different domains, do you mean
>         domains or do you mean workgroups?
>
>         What I mean is NIS domain. We have three different domains, so
>         I plan to start up one samba server for each domain separately
>         As for workgroup, we only have one workgroup for windows, so
>         it won't be an issue.
>
>         Are any machines in a windows domain already?
>
>         No.
>
>         Finally, if you cannot set up a new domain, do your users
>         need to own files on your samba server or do they just need to
>         read & store files on the samba server.
>
>         Rowland
>
>         They just need to read & store files on the samba server.
>
>         Regards,
>         Roger
>
>     OK, from what you have posted, you have Unix & windows
>     workstations and they are in groups. You will probably be better
>     off creating a new AD domain with a number of sites, you can use
>     the DCs to authenticate all the users & groups and if push comes
>     to shove, use the DCs as fileservers. Your users would log into
>     their workstation (either windows or Unix) and have all their data
>     to hand, the windows users would use the standard AD capabilities
>     and the Unix users would use the RFC2307 attributes that are built
>     into a Samba AD as standard.
>
>     What this will give you is centralisation of user & group
>     maintenance, your users' info will exist in just one place, you
>     only need to add a user once, you can do it without leaving your
>     chair, unlike a WORKGROUP, where you will have to visit *every*
>     workstation or server that a user will connect to. I have been
>     there, done that and my workgroup was scattered over three
>     counties! It isn't easy.
>
>     Rowland
>
> Geez! It's too deep for me to understand.
> I did achieve what I want with old samba version only doing some
> simple settings,
> I tried to reduplicate the result using new samba version but it failed.
> I didn't expect it comes to this way you mentioned, it seems more
> complicated.

No, I doubt if you will be unable to understand it, you just haven't had
any experience yet.

>
> We do have an AD for PC windows workgroup. Why should I need to create
> a new AD?

No, again I doubt you are using an AD for a workgroup, domain yes,
workgroup no.

> Would you please give me an example or show me how to set up samba as
> you said?
>

OK, start here:
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller

> I have no experience creating an AD domain and DCs.

Everybody has to start somewhere.

OK, if you do not want to go down this path, then try this smb.conf

    [global]
        workgroup = WORKGROUP
        server string = ****
        netbios name = *****
        printcap name = /dev/null
        load printers = no
        disable spoolss = yes
        printing = bsd
        dns proxy = no
        map to guest = Bad User
        guest ok = yes

This should work without adding any users to the server, anybody that
connects gets mapped to the guest user, but this does mean that your users
cannot own anything on the server and anybody will be able to read or
delete anything!!!

You just need to add whatever shares you require (and alter it to suit
your workgroup etc).

Rowland
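
An added example, not part of Rowland's message and not Samba project code: a small Python audit that parses smb.conf text and reports which shares the guest settings in the [global] block above leave reachable without credentials. The share names and the path in the sample are constructed.

```python
TRUE = {"yes", "true", "on", "1"}
# Names ignore case and spaces; synonyms fold to one name (True = inverted).
SYNONYMS = {"public": ("guestok", False), "writable": ("readonly", True),
            "writeable": ("readonly", True), "writeok": ("readonly", True)}

# Constructed sample; the three share names and the path are assumptions.
SAMPLE = """\
[global]
map to guest = Bad User
guest ok = yes
[scratch]
writable = yes
[pub]
path = /srv/pub
[docs]
public = no
"""

def load(text):
    sections, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and cur is not None:
            key, value = line.split("=", 1)
            key, value = "".join(key.lower().split()), value.strip().lower()
            key, inverted = SYNONYMS.get(key, (key, False))
            if inverted:
                value = "no" if value in TRUE else "yes"
            cur[key] = value
    return sections

def audit(text):
    conf = load(text)
    glob = conf.pop("global", {})
    findings = []
    if glob.get("maptoguest", "never") != "never":
        findings.append(("global", "map to guest = " + glob["maptoguest"]))
    for share, own in conf.items():
        p = {**glob, **own}  # [global] supplies defaults for every share
        if p.get("guestok", "no") in TRUE:
            writable = p.get("readonly", "yes") not in TRUE
            findings.append((share, "guest-write" if writable else "guest-read"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Unix permissions for the guest account still decide what a guest connection can actually read or delete on disk, so a "guest-write" finding marks a share to review rather than proof of exposure.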
2015-11-05 0:16 GMT+08:00 Rowland Penny <rowlandpenny241155 at gmail.com>:

> On 04/11/15 15:38, Roger Wu wrote:
>
>>
>> 2015-11-04 22:55 GMT+08:00 Rowland Penny <rowlandpenny241155 at gmail.com
>> <mailto:rowlandpenny241155 at gmail.com>>:
>>
>>     On 04/11/15 14:34, Roger Wu wrote:
>>
>>         Doh! now you have raised more questions :-D
>>
>>         First, the more users that you have, the harder it gets to
>>         maintain them in a workgroup, about 8 users is the maximum
>>         from my experience. Some of them will never use more than one
>>         machine, but most will move from one machine to another and so
>>         they will have to have login details on *all* machines they
>>         will log into. This is where a domain comes in, you create the
>>         user in one place and the user can then login everywhere.
>>
>>         I don't really get it. Maybe I misinterpret what you said.
>>         If our samba server works, users only want to access samba
>>         service using their own PC,
>>         that's what they need, they are not allowed to use others' PCs
>>         but their own.
>>
>>         And yes, users can move from one machine to another, that's
>>         how a domain works,
>>         but we don't need to provide samba service between Workstation,
>>         only one way access from PCs to Workstations is needed for users.
>>
>>         I am not worried about users limitation, it's just as I said
>>         that not so many users need this service.
>>         If so, I'll figure it out.
>>
>>         Now we come to the new questions, will the Unix machines
>>         need to be part of the domain ?
>>
>>         What do you mean "to be part of the domain"?
>>         We have unix/linux machines in each NIS domain, they are a
>>         part of their domain.
>>         Could you define your question more precisely?
>>
>>         You mention that they are in different domains, do you mean
>>         domains or do you mean workgroups?
>>
>>         What I mean is NIS domain. We have three different domains, so
>>         I plan to start up one samba server for each domain separately
>>         As for workgroup, we only have one workgroup for windows, so
>>         it won't be an issue.
>>
>>         Are any machines in a windows domain already?
>>
>>         No.
>>
>>         Finally, if you cannot set up a new domain, do your users
>>         need to own files on your samba server or do they just need to
>>         read & store files on the samba server.
>>
>>         Rowland
>>
>>         They just need to read & store files on the samba server.
>>
>>         Regards,
>>         Roger
>>
>>     OK, from what you have posted, you have Unix & windows
>>     workstations and they are in groups. You will probably be better
>>     off creating a new AD domain with a number of sites, you can use
>>     the DCs to authenticate all the users & groups and if push comes
>>     to shove, use the DCs as fileservers. Your users would log into
>>     their workstation (either windows or Unix) and have all their data
>>     to hand, the windows users would use the standard AD capabilities
>>     and the Unix users would use the RFC2307 attributes that are built
>>     into a Samba AD as standard.
>>
>>     What this will give you is centralisation of user & group
>>     maintenance, your users' info will exist in just one place, you
>>     only need to add a user once, you can do it without leaving your
>>     chair, unlike a WORKGROUP, where you will have to visit *every*
>>     workstation or server that a user will connect to. I have been
>>     there, done that and my workgroup was scattered over three
>>     counties! It isn't easy.
>>
>>     Rowland
>>

I am still confused why can't I use NIS as centralization of user
authentication? I can do it at samba3x, or does samba4x do it in a totally
different way?

>> Geez! It's too deep for me to understand.
>> I did achieve what I want with old samba version only doing some simple
>> settings,
>> I tried to reduplicate the result using new samba version but it failed.
>> I didn't expect it comes to this way you mentioned, it seems more
>> complicated.
>>
>
> No, I doubt if you will be unable to understand it, you just haven't had
> any experience yet.
>
>> We do have an AD for PC windows workgroup. Why should I need to create a
>> new AD?
>>
>
> No, again I doubt you are using an AD for a workgroup, domain yes,
> workgroup no.

It's my misunderstanding. You're right, we are using an AD for windows
domain.
Even so, I still need to create another new AD for what?

>> Would you please give me an example or show me how to set up samba as you
>> said?
>>
>
> OK, start here:
> https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
>

I'm trying to study the above link you suggest, but I can't find samba-tool
for my installed packages.
Where can I find samba-tool?

    [root@testcad16 ~]# rpm -qa | grep samba
    sernet-samba-4.2.5-19.el6.x86_64
    sernet-samba-libs-4.2.5-19.el6.x86_64
    sernet-samba-libsmbclient0-4.2.5-19.el6.x86_64
    sernet-samba-client-4.2.5-19.el6.x86_64
    sernet-samba-common-4.2.5-19.el6.x86_64

>> I have no experience creating an AD domain and DCs.
>>
>
> Everybody has to start somewhere.
>
> OK, if you do not want to go down this path, then try this smb.conf
>
>     [global]
>         workgroup = WORKGROUP
>         server string = ****
>         netbios name = *****
>         printcap name = /dev/null
>         load printers = no
>         disable spoolss = yes
>         printing = bsd
>         dns proxy = no
>         map to guest = Bad User
>         guest ok = yes
>
> This should work without adding any users to the server, anybody that
> connects gets mapped to the guest user, but this does mean that your users
> cannot own anything on the server and anybody will be able to read or
> delete anything!!!
>

I've tried the above smb.conf, and ya, it worked, but it's definitely not
what I want.
I'll jump to the other option you suggested, but it will take me time to
learn it.

Roger

> You just need to add whatever shares you require (and alter it to suit
> your workgroup etc).
>
> Rowland
>