• [Samba] Standalone Samba in a Win2008 DC environment, transition to sam

    From Lin Pro via samba@21:1/5 to All on Wed Mar 8 23:20:02 2017
    There is a network with windows 2008 AD DC and about 9 workstations
    plus some printers.
    The plan is to decommission the Win 2008 DC and reuse the hardware for
    other purposes at a later time (may be a samba AD DC, not important
    now).
    Samba Standalone is to take the role of a File and Print Server in
    this existing network.

    Questions:
    1. Can Samba 4.5 "standalone" be started temporarily in parallel with
    Win DC so that workstations can "see" it and copy files to the samba
    server? (there are no plans to join the Win DC domain with samba
    standalone).

    2. The workstations are a mix of windows 7, 8, 8.1 and 10. Will they
    "see" the standalone server while still being under the Win DC
    control?

    3. Do the workstations have to somehow "leave" the Windows AD DC first
    in order to start using the standalone samba server? If yes, then how
    does one do that?

    Thanks for any hints
    best regards
    linforpros

    --
    To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marc Muehlfeld via samba@21:1/5 to All on Thu Mar 9 20:50:02 2017
    Hello,

    On 08.03.2017 at 23:17, Lin Pro via samba wrote:
    > Questions:
    > 1. Can Samba 4.5 "standalone" be started temporarily in parallel with
    > Win DC so that workstations can "see" it and copy files to the samba
    > server? (there are no plans to join the Win DC domain with samba
    > standalone).

    Not just temporarily. You can have multiple standalone servers, AD DCs,
    NT domains, and clients in the same network, as long as all host and
    domain names are unique.

    Of course you can access hosts outside your domain, too. As long as the
    user has an account on the host or in the foreign domain. Guest access
    without authentication is of course also possible, if configured.

    Of course, the user in your domain is in the background different to the
    user on the standalone host. This means, if you change your password in
    the domain, the one on the standalone host is still the same. And users
    are only able to change the password from Windows in the domain they are
    part of.



    > 2. The workstations are a mix of windows 7, 8, 8.1 and 10. Will they
    > "see" the standalone server while still being under the Win DC
    > control?

    Sure. See question 1.



    > 3. Do the workstations have to somehow "leave" the Windows AD DC first
    > in order to start using the standalone samba server? If yes, then how
    > does one do that?

    No. Just access/map the share using a Samba account that exists on the standalone host (if you don't allow anonymous access).

    You can access/map the share the usual way: \\server\share


    Regards,
    Marc

  • From Rowland Penny via samba@21:1/5 to Lin Pro via samba on Fri Mar 10 19:10:02 2017
    On Fri, 10 Mar 2017 11:41:23 -0600
    Lin Pro via samba <samba@lists.samba.org> wrote:

    > Hi All,
    > It is unclear to me what group membership should \\server\users (or /srv/samba/users) get if it is planned to be in a standalone role...
    > and using only POSIX ACLs. The relevant wiki instructions are stating:
    >
    > "Create the directory and set the correct permissions:
    >
    > # mkdir -p /srv/samba/users/
    > # chgrp -R "Domain Users" /srv/samba/users/
    >
    > # chmod 2750 /srv/samba/users/"
    >
    > But there is a hidden assumption in the above that it is AD DC -
    > "Domain Users". Or maybe I should just create a linux group by that
    > name or any other name and add all the future users to that group? In
    > the back of my head I may consider converting this standalone srv into
    > a Domain Member. Do you have any advice what to do in this case?
    >
    > Besides:
    > groupadd "Domain Users" produces a warning - not a valid group name

    It would, the hint is in the group name, a standalone computer is not
    part of a Domain.

    What you seem to be setting up is a 'WORKGROUP' and, if you have more
    than about a dozen computers, you really do not want to do this. Your
    users and groups will need to exist on EVERY computer, your users will
    need to have the same password on every computer and if a user changes
    a password, it will need to be changed on every computer.

    Rowland



  • From Marc Muehlfeld via samba@21:1/5 to All on Fri Mar 10 20:00:02 2017
    On 10.03.2017 at 18:41, Lin Pro via samba wrote:
    > It is unclear to me what group membership should \\server\users (or /srv/samba/users) get if it is planned to be in a standalone role...
    > and using only POSIX ACLs. The relevant wiki instructions are stating:
    >
    > "Create the directory and set the correct permissions:
    >
    > # mkdir -p /srv/samba/users/
    > # chgrp -R "Domain Users" /srv/samba/users/
    >
    > # chmod 2750 /srv/samba/users/"

    I added some sentences to be clear about this: https://wiki.samba.org/index.php/User_Home_Folders#Using_POSIX_ACLs



    > Besides:
    > groupadd "Domain Users" produces a warning - not a valid group name

    The groupadd does not support spaces in the group name. Use underscores.

    Anyway, in a non-domain environment, naming a group "Domain Users" seems
    to guarantee confusion some day. :-)


    Regards,
    Marc


  • From Lin Pro via samba@21:1/5 to All on Fri Mar 10 18:50:01 2017
    Hi All,
    It is unclear to me what group membership should \\server\users (or /srv/samba/users) get if it is planned to be in a standalone role...
    and using only POSIX ACLs. The relevant wiki instructions are stating:

    "Create the directory and set the correct permissions:

    # mkdir -p /srv/samba/users/
    # chgrp -R "Domain Users" /srv/samba/users/

    # chmod 2750 /srv/samba/users/"

    But there is a hidden assumption in the above that it is AD DC -
    "Domain Users". Or maybe I should just create a linux group by that
    name or any other name and add all the future users to that group? In
    the back of my head I may consider converting this standalone srv into
    a Domain Member. Do you have any advice what to do in this case?

    Besides:
    groupadd "Domain Users" produces a warning - not a valid group name

    Lin



    best regards
    linforpros

  • From Lin Pro via samba@21:1/5 to All on Fri Mar 10 22:00:01 2017
    > I added some sentences to be clear about this: https://wiki.samba.org/index.php/User_Home_Folders#Using_POSIX_ACLs
    >
    > Anyway, in a non-domain environment, naming a group "Domain Users" seems to guarantee confusion some day. :-)


    Thanks for the clarification.
    The system now has "domain_users" group and users are added to that
    group. Additionally /srv/samba/users is owned by that group with chmod
    2750.
    What is the logic however that when a user "justin" creates a
    directory within its home dir /users/justin/testdir that dir receives drwxr-xr-x instead of what is stated in the smb.conf, and that is
    0700, then it should become drwx------, correct?

    Thanks for any directions to understand it

    Below is what I see:

    [root@fedora samba]# getfacl users
    # file: users
    # owner: root
    # group: domain_users
    # flags: -s-
    user::rwx
    group::r-x
    other::---

    [root@fedora samba]# getfacl users/justin/
    # file: users/justin/
    # owner: justin
    # group: domain_users
    # flags: -s-
    user::rwx
    group::---
    other::---

    [root@fedora samba]# getfacl users/justin/justinFolder/
    # file: users/justin/justinFolder/
    # owner: justin
    # group: domain_users
    # flags: -s-
    user::rwx
    group::r-x
    other::r-x

    [root@fedora samba]# ls -ld users/
    drwxr-s---. 4 root domain_users 4096 Mar 10 19:45 users/
    [root@fedora samba]# ls -ld users/justin/
    drwx--S---. 3 justin domain_users 4096 Mar 10 19:12 users/justin/
    [root@fedora samba]# ls -ld users/justin/justinFolder/
    drwxr-sr-x. 2 justin domain_users 4096 Mar 10 19:12 users/justin/justinFolder/





    best regards
    linforpros
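
An added example (not part of the thread, and not code from the Samba project): a POSIX shell check that lists directories below a home-folder share whose group or other permission bits are set, which is how users/justin/justinFolder differs from the 0700 the poster expected. The function names and the constructed sample tree are assumptions made for this example; the layout (share root, then one directory per user) follows the listing in the post.

```shell
#!/bin/sh
# audit_home_modes and make_sample_tree are hypothetical helper names.

# Print "<symbolic mode> <path>" for every directory below ROOT that grants
# any permission to group or other.
audit_home_modes() {
    root=${1%/}
    # The share root itself is expected to be 2750 (group r-x), so skip it.
    # setuid/setgid bits are ignored; only the six group/other bits count.
    # Note: -path treats ROOT as a pattern, so ROOT should not contain
    # glob characters such as * or [.
    find "$root" -type d ! -path "$root" \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print |
    sort |
    while IFS= read -r dir; do
        # First field of ls -ld is the symbolic mode, e.g. drwxr-sr-x
        mode=$(ls -ld "$dir" | awk '{print $1}')
        printf '%s %s\n' "$mode" "$dir"
    done
}

# Constructed sample tree mirroring the post: users/ 2750, users/justin 2700,
# users/justin/justinFolder 2755 (the unexpected one), plus a correct 0700
# directory that must not be reported.
make_sample_tree() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/users/justin/justinFolder" "$base/users/justin/private"
    chmod 2750 "$base/users"
    chmod 2700 "$base/users/justin"
    chmod 2755 "$base/users/justin/justinFolder"
    chmod 0700 "$base/users/justin/private"
    printf '%s\n' "$base"
}

# Run with --demo to audit the constructed tree; otherwise call
# audit_home_modes with the real share root, e.g. /srv/samba/users.
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree)
    audit_home_modes "$tree/users"
    rm -rf "$tree"
fi
```

On the constructed tree only justinFolder is reported; the 2750 share root and the two directories without group/other bits are not.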
