Hi Rowland, On 29/08/2017 17:55, Rowland Penny via samba wrote:> On Tue, 29 Aug 2017 17:20:06 -0300 > Flávio Silveira via samba <samba at lists.samba.org> wrote: > >> Good evening, >> >> I am trying to setup Samba as file server using this tutorial: >> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server > Why ? your last post was about setting up an AD DC, see here for how > to setup a Unix domain member: > > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_MemberI think you are confusing me with someone else, my last post was regarding running AD DC and File Server with the same Samba, no Unix at all. Andrew answered it wasn't recommended, and as I am new, I have decided to focus on the file server only, as it is what I need for now, AD would be a plus.>> The version I am using is 4.6.7 from Van Belle's repo, on Debian >> Stretch 9.1. >> >> I have a server subnet (192.168.13.x) and a client subnet >> (192.168.11.x), currently, for testing purposes, the server is on the >> same subnet as the clients. Will I have problems if after the tests I >> move to the server subnet? > No, not if you set up a Unix domain member, in which case you will only > need the smb.conf and you can then just reuse this on all your unix > machines.I don't have any Unix machine, the only machine I have runs Debian Stretch 9.1.>> Clients are Windows 10 x64 build 1703 and it seems Master Browser >> is broken on this version as "net view" gives me error 2184. >> >> For my share structure I am thinking in dividing them in >> departments (groups in this case): >> >> - Commercial (/srv/data/commercial) >> >> - Finances (/srv/data/finances) >> >> - Production (/srv/data/production) >> >> - Marketing (/srv/data/marketing) >> >> and so on. >> >> I can show all departments if needed, I need better ideas anyway, >> as I can't figure out a way to give read/write access to a single >> folder per department, if they need to exchange files for some reason. >> >> The only thing I've changed in smb.conf from the tutorial was >> adding "name resolve order" and putting dns as first. > AD relies on dns so there is no need for that line in smb.confI don't have an AD, my network is a simple WORKGROUP, and I gave up the idea of setting up both AD and File Server for now as I would need 2 machines, I only have one.> >> Am I going in the right path here? > No, probably not, you should set up a Unix domain member instead, by > trying to set up a standalone server, you are basically trying to set a > workgroup member. > > If you do go down the 'workgroup' line, you will have to create the > groups in AD and on the standalone server, along with ALL the users.So if I don't have an AD, I will just need to create the groups on the standalone server, along with the users, correct? I am guessing the wiki tutorial I am following (Setting up Samba as a Standalone server) is to create a File Server, right? Sorry for all this confusion.> Rowland > >Regards, Flavio Silveira
On Wed, 30 Aug 2017 10:04:18 -0300 Flávio Silveira via samba <samba at lists.samba.org> wrote:> Hi Rowland, > > On 29/08/2017 17:55, Rowland Penny via samba wrote: > > On Tue, 29 Aug 2017 17:20:06 -0300 > > Flávio Silveira via samba <samba at lists.samba.org> wrote: > > > >> Good evening, > >> > >> I am trying to setup Samba as file server using this tutorial: > >> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server > > Why ? your last post was about setting up an AD DC, see here for how > > to setup a Unix domain member: > > > > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member > > I think you are confusing me with someone else, my last post was > regarding running AD DC and File Server with the same Samba, no Unix > at all. Andrew answered it wasn't recommended, and as I am new, I > have decided to focus on the file server only, as it is what I need > for now, AD would be a plus. > > >> The version I am using is 4.6.7 from Van Belle's repo, on > >> Debian Stretch 9.1. > >> > >> I have a server subnet (192.168.13.x) and a client subnet > >> (192.168.11.x), currently, for testing purposes, the server is on > >> the same subnet as the clients. Will I have problems if after the > >> tests I move to the server subnet? > > No, not if you set up a Unix domain member, in which case you will > > only need the smb.conf and you can then just reuse this on all your > > unix machines. > > I don't have any Unix machine, the only machine I have runs Debian > Stretch 9.1. > > >> Clients are Windows 10 x64 build 1703 and it seems Master > >> Browser is broken on this version as "net view" gives me error > >> 2184. > >> > >> For my share structure I am thinking in dividing them in > >> departments (groups in this case): > >> > >> - Commercial (/srv/data/commercial) > >> > >> - Finances (/srv/data/finances) > >> > >> - Production (/srv/data/production) > >> > >> - Marketing (/srv/data/marketing) > >> > >> and so on. > >> > >> I can show all departments if needed, I need better ideas > >> anyway, as I can't figure out a way to give read/write access to a > >> single folder per department, if they need to exchange files for > >> some reason. > >> > >> The only thing I've changed in smb.conf from the tutorial was > >> adding "name resolve order" and putting dns as first. > > AD relies on dns so there is no need for that line in smb.conf > > I don't have an AD, my network is a simple WORKGROUP, and I gave up > the idea of setting up both AD and File Server for now as I would > need 2 machines, I only have one. > > > > >> Am I going in the right path here? > > No, probably not, you should set up a Unix domain member instead, by > > trying to set up a standalone server, you are basically trying to > > set a workgroup member. > > > > If you do go down the 'workgroup' line, you will have to create the > > groups in AD and on the standalone server, along with ALL the users. > > So if I don't have an AD, I will just need to create the groups on > the standalone server, along with the users, correct? > > I am guessing the wiki tutorial I am following (Setting up Samba as a > Standalone server) is to create a File Server, right? > > Sorry for all this confusion. > > > Rowland > > > > > > Regards, > Flavio Silveira >No, it must be me getting confused, or is that more confused ;-) How many users/computers do you have ? If it is only a small number, then (whatever Andrew says) you can use a Samba AD DC as a fileserver as well (it better be, Clearos use it as a DC and fileserver). It is better to use more than one DC with separate fileservers, but sometimes you have to make do with what you have ;-) The problem with setting up a standalone server is that you will need to create any users and groups, that will connect from windows, on the standalone server, this gives you multiple places to admin users and groups. Workgroups do not scale well, especially if users move about from computer to computer, this is the reason behind domains. Just because Samba doesn't recommend using a DC as a fileserver, doesn't mean you cannot do this. For 'standalone server' read (in windows parlance) 'A PC that isn't connected to a domain aka workgroup member) Rowland
On 30/08/2017 10:59, Rowland Penny via samba wrote:> On Wed, 30 Aug 2017 10:04:18 -0300 > Flávio Silveira via samba <samba at lists.samba.org> wrote: > >> Hi Rowland, >> >> On 29/08/2017 17:55, Rowland Penny via samba wrote: >>> On Tue, 29 Aug 2017 17:20:06 -0300 >>> Flávio Silveira via samba <samba at lists.samba.org> wrote: >>> >>>> Good evening, >>>> >>>> I am trying to setup Samba as file server using this tutorial: >>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server >>> Why ? your last post was about setting up an AD DC, see here for how >>> to setup a Unix domain member: >>> >>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member >> I think you are confusing me with someone else, my last post was >> regarding running AD DC and File Server with the same Samba, no Unix >> at all. Andrew answered it wasn't recommended, and as I am new, I >> have decided to focus on the file server only, as it is what I need >> for now, AD would be a plus. >> >>>> The version I am using is 4.6.7 from Van Belle's repo, on >>>> Debian Stretch 9.1. >>>> >>>> I have a server subnet (192.168.13.x) and a client subnet >>>> (192.168.11.x), currently, for testing purposes, the server is on >>>> the same subnet as the clients. Will I have problems if after the >>>> tests I move to the server subnet? >>> No, not if you set up a Unix domain member, in which case you will >>> only need the smb.conf and you can then just reuse this on all your >>> unix machines. >> I don't have any Unix machine, the only machine I have runs Debian >> Stretch 9.1. >> >>>> Clients are Windows 10 x64 build 1703 and it seems Master >>>> Browser is broken on this version as "net view" gives me error >>>> 2184. >>>> >>>> For my share structure I am thinking in dividing them in >>>> departments (groups in this case): >>>> >>>> - Commercial (/srv/data/commercial) >>>> >>>> - Finances (/srv/data/finances) >>>> >>>> - Production (/srv/data/production) >>>> >>>> - Marketing (/srv/data/marketing) >>>> >>>> and so on. >>>> >>>> I can show all departments if needed, I need better ideas >>>> anyway, as I can't figure out a way to give read/write access to a >>>> single folder per department, if they need to exchange files for >>>> some reason. >>>> >>>> The only thing I've changed in smb.conf from the tutorial was >>>> adding "name resolve order" and putting dns as first. >>> AD relies on dns so there is no need for that line in smb.conf >> I don't have an AD, my network is a simple WORKGROUP, and I gave up >> the idea of setting up both AD and File Server for now as I would >> need 2 machines, I only have one. >> >>>> Am I going in the right path here? >>> No, probably not, you should set up a Unix domain member instead, by >>> trying to set up a standalone server, you are basically trying to >>> set a workgroup member. >>> >>> If you do go down the 'workgroup' line, you will have to create the >>> groups in AD and on the standalone server, along with ALL the users. >> So if I don't have an AD, I will just need to create the groups on >> the standalone server, along with the users, correct? >> >> I am guessing the wiki tutorial I am following (Setting up Samba as a >> Standalone server) is to create a File Server, right? >> >> Sorry for all this confusion. >> >>> Rowland >>> >>> >> Regards, >> Flavio Silveira >> > No, it must be me getting confused, or is that more confused ;-) > > How many users/computers do you have ?About 30 users/computers, a bit less> If it is only a small number, then (whatever Andrew says) you can use a > Samba AD DC as a fileserver as well (it better be, Clearos use it as a > DC and fileserver). > It is better to use more than one DC with separate fileservers, but > sometimes you have to make do with what you have ;-)Indeed, in my case I only have poor PC hardware for now, maybe in the future I will get better hardware with lots of processing power, so I can have more VMs and then separate them.> The problem with setting up a standalone server is that you will need > to create any users and groups, that will connect from windows, on the > standalone server, this gives you multiple places to admin users and > groups. Workgroups do not scale well, especially if users move about > from computer to computer, this is the reason behind domains.When you say "multiple places to admin users and groups", what do you mean? If I have only one standalone server, wouldn't it be the only place to admin them? The users tend to be static over here, but if they could move from computer to computer it would be a nice thing to have.> Just because Samba doesn't recommend using a DC as a fileserver, > doesn't mean you cannot do this. > > For 'standalone server' read (in windows parlance) 'A PC that isn't > connected to a domain aka workgroup member)Got it, thanks!> Rowland > >Regards, Flavio Silveira