On Tue, Apr 22, 2014 at 4:10 PM, John R Pierce pierce@hogranch.com wrote:
A lot of which is irrelevant if you just have one server, serving file shares.
active directory is relevant if you have more than a couple users, logging into desktop Windows machines, who want to connect to your server.
without that, you get to muck about with smbpasswd on a per user basis on the samba server, and their desktop passwords and smbpasswords are never in sync.
I never actually used it that way, but I thought that you were supposed to be able to change your password from windows when using samba as a domain (not AD) controller. And there was some support for making that change your linux password to match.
with active directory, you can manage the user access from a central location, and potentially manage desktop policies (security policies, login scripts, etc etc), even push application software installs via GPO's. note I said potentially as I don't know how much GPO support Samba4's AD implementation has.
You could also use samba with LDAP accounts. ClearOS might make that work out of the box but otherwise it is painful to set up. But going forward, finding a packaged samba4 that works is probably the best approach.