Some may remember my thread a few months ago, I asked how to set up a somehow protected AD: I run 2 servers for a department of a company. They have a ADS Domain BIGCOMPANY and we want and have to deny access to their admins ... although it would be comfortable to run the 2 sambas as domain member servers (password policies from upstream etc) So I am NOT admin in their domain but have to make sure that only the ~5 users of the department can access the shares on my sambas. ok there is "valid users" per share ... and the linux root user is completely separate anyway. Would that be enough?
Am 07.11.18 um 09:57 schrieb Stefan G. Weichinger via samba:> > Some may remember my thread a few months ago, I asked how to set up a > somehow protected AD: > > I run 2 servers for a department of a company. > > They have a ADS Domain BIGCOMPANY and we want and have to deny access to > their admins ... although it would be comfortable to run the 2 sambas as > domain member servers (password policies from upstream etc) > > So I am NOT admin in their domain but have to make sure that only the ~5 > users of the department can access the shares on my sambas. > > ok there is "valid users" per share ... and the linux root user is > completely separate anyway. > > Would that be enough?q2: does someone have a clever script to regenerate passwords on a standalone server? I'd like to run it via cron once a month ... just to comply to upstream requirements to rotate passwords ...
Am 08.11.18 um 12:22 schrieb Stefan G. Weichinger via samba:> does someone have a clever script to regenerate passwords on a > standalone server? > > I'd like to run it via cron once a month ... just to comply to upstream > requirements to rotate passwords ...I wonder if a nice ansible playbook might help me here ...