D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Samba should I be concerned ?

 

On 19/04/13 21:32, Simon Avery wrote:
Sledgehammer/nut scenario?

security=share works well when you don't particularly care about security
or features and you just have a few read/write smb shares knocking about. I
certainly wouldn't want the hassle of setting up AD/S4 on a home network
and maintaining it.

Kevin - if it works as it is and you're happy, leave it alone, imo.




But it doesn't work, does it? That's kind of the whole point...

Admittedly, this is probably typical of my nuclear approach and is maybe a bit beyond the reach of a casual nerd, but really, setting up Samba4 isn't difficult - there are several 5 line tutorials that can be followed to be up and running straight away. You can feel free to ignore all the configuration afterwards if you don't want group policy, kick scripts, roaming profiles and all the other enterprise type features, which Kevin almost definitely doesn't by the sound of it. And because it's such a small, low traffic network the overheads of running a full Samba4 DC on a single linux box will be almost non-existent, it's just another service that will occasionally eat 3% of a core every couple of hours.

But, yeah, sure, I suppose this is another example of me doing "go big or go home" - am I really that strange for just wanting to things once, do them properly and never touch them again though? And potentially what you've called "hassle" could also be called a valuable self-taught learning experience, and another important box ticked on the CV... Current SMB/Samba4 skills are much in demand - I certainly make good money setting this up for companies.

To compromise, I actually do have a hopefully easier and - trust me - a much more straightforward suggestion. If you just want a small group (10 at absolute most) of machines running mixed linux and windows OS flavours to be able to access each others shares, r/w if necessary and without the hassle of a centralized authorisation server with LDAP, single sign on, DNS, etc then SMB is absolutely the wrong way to go. security=share is still a clusterf*ck waiting to happen with the differing SMB protocol levels available, poor hashing on older NTLM mechanisms, etc, etc (even windows inability to be case-sensitive where it counts can be a problem) and it's much easier to teach windows to talk either/or NFS and SSH than teach linux SMB properly. There are countless free/opensource/proprietary solutions (including Cygwin, Exceed, FreeNFS, Putty, WinSCP...) which will take 5 secs to install and setup: hell, even setting up Apache to do WebDAV, or a vanilla FTP server are all arguably quicker and better solutions to enable simple r/w access between hosts. Anything, just not SMB - it's complex, deceptively so, especially if you're paradoxically only trying to setup something very simple. Vista/7/8 all even have optionally installable NFS servers/clients built in (not the crappy home versions though).

Obviously though, even if it doesn't work, as long as people are happy with what they've got there is nothing compelling them to ever follow my advice - it's only advice, not commands :]

Regards
-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq