Noob Centos Admin wrote:
> On Tue, Feb 24, 2009 at 5:52 AM, Les Mikesell <lesmikesell at gmail.com> wrote:
>> Is there a windows domain or AD in this picture somewhere?
>
> Not at all for all the usual Windows network migrations I've been
> setting up. Typically small offices with less than 20 people so they
> simply used workgroups without domains.

That makes it somewhat harder to use multiple machines since you end up having to create and maintain passwords on each.

>> If you want something nicer, run freenx on the server and the NX
>
> Thanks for the suggestion, I discovered freenx just days ago and
> actually had the packages installed on the new setup, just have not
> gotten around to using it.

It is very much worth the trouble.

>> Then the samba shares look like:
>>
>> [aaa-share]
>> comment = aaa workspace
>> path = /path/to/aaa-share
>> public = no
>> valid users = @aaa
>> writable = yes
>> printable = no
>> force create mode = 0775
>> force directory mode = 775
>> force group = aaa
>
> I just had an OMFG moment reading your conf. Does the valid users=@aaa
> mean all users in the group aaa? I thought I had read it to mean
> exclude hence never tried it, instead I had tried things like valid
> users = groupAAA which obviously didn't work.

Yes, valid users means the ones allowed to connect to the share and @groupname is the set of users in the group.

On unix a different group is always a different group. Even if only one member is different between groups, don't try to make exceptions with ACLs or you'll wish you hadn't when the reasons for the exceptions change.

>> If you use smb authentication against a domain controller
>> all you have to do is create the linux users with the same login
>> name. With winbind you might not even have to do that, but
>> then I don't know how you control the groups.
>
> Would setting up a domain controller on the CentOS be better in the
> long run for only 10 to 20 people situation? I've avoided it since I'm
> still learning to set up Linux based servers and didn't want to bite
> off more than I can chew.

If you have to ask things like that, I'd recommend looking at the free SME server distribution. It mostly uses Centos packages, but is a 'windows server' appliance that will do everything you are likely to need and more (including acting as a domain controller) with all administration through simple web forms. http://www.contribs.org. It simplifies a lot of concepts - for example when you create groups you'll get email groups as well as unix permission groups, and when you create the shared workspaces it calls "ibays" you can access them via http, ftp, and samba, and can control public and private access separately. The only downside is that because it is already customized and uses perl scripts to build the config files, it is somewhat difficult to add or modify things beyond what it already provides.

ClarkConnect is something similar and might be better these days but I haven't looked at it for a long time. I thought I saw a release notice that said they were adding LDAP authentication as an option even in the first system which is something Linux distros have needed for a long time.

--
Les Mikesell
lesmikesell at gmail.com
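
The `valid users` behaviour discussed in the message above, as an added example that is not part of the original thread: a small check that expands each share's `valid users` list against a group table and flags a bare group name written without the `@` prefix. The second share, the user names and the group membership are constructed for illustration.

```python
# Constructed sample: the share from the post plus a hypothetical second
# share that repeats the "valid users = groupname" mistake.
SMB_CONF = """
[aaa-share]
   path = /path/to/aaa-share
   valid users = @aaa
[bbb-share]
   valid users = groupBBB
"""
# Constructed stand-ins for the server's user and group databases.
USERS = {"alice", "bob", "carol"}
GROUPS = {"aaa": {"alice", "bob"}, "groupBBB": {"carol"}}

def parse_shares(text):
    """Minimal smb.conf reader: {share name: {parameter: value}}."""
    shares, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return shares

def allowed_users(share, users, groups):
    """Return (users allowed to connect, warnings) for one share."""
    spec = share.get("valid users", "").replace(",", " ").split()
    if not spec:  # empty list: Samba lets any user log in
        return set(users), ["no 'valid users' restriction"]
    allowed, warnings = set(), []
    for entry in spec:
        if entry[0] in "@+":  # group reference (NIS netgroup lookup not modelled)
            if entry[1:] in groups:
                allowed |= groups[entry[1:]]
            else:
                warnings.append(f"unknown group {entry[1:]!r}")
        elif entry in users:  # a bare name is treated as a user name
            allowed.add(entry)
        elif entry in groups:
            warnings.append(f"{entry!r} is a group; write @{entry}")
        else:
            warnings.append(f"unknown user {entry!r}")
    return allowed, warnings

if __name__ == "__main__":
    for name, share in parse_shares(SMB_CONF).items():
        print(name, *allowed_users(share, USERS, GROUPS))
```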