Re: [Samba] Choosing Domain vs. Workgroup

2006-09-26 Thread Jonathan Johnson
On 9/19/2006 9:01 AM, David Dyer-Bennet wrote:
> On 9/19/06, Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
> wrote:
>> On 09/18/2006 12:08 PM, David Dyer-Bennet wrote:
>> > I thought I wanted to set up my Solaris file-server as domain
>> > controller for my small home network, but the more I look at it the
>> > less I'm sure.  Plus I'm having trouble doing it :-).
> [snip]
>> > And some of the machines are running XP home, since that's what came
>> > on at least one of the laptops.  And one of them is a Mac.
>>
>> AFAIK, WinXP Home is not allowed to join domains.
>
> That's what I've read, as well.  I was trolling for confirmation, kinda.

That's not to say that XP Home cannot communicate with a Samba domain as
a workgroup member. You'll just have to maintain user security
information separately on the Home machines; you won't be able to take
advantage of the features of a domain. (Remember, a domain is just a
workgroup with centralized security management.) Likewise, the Mac will
have its own security database, unless you can figure out how to make it
use Kerberos authentication against the Samba domain (theoretically
possible if you are running OS X).

With more than a few machines, user management is a nightmare on XP
Home. Also, for NTFS filesystem security, XP Home is missing the GUI
tools. The security features are there; you just have to use CACLS from
the command line, and that gets ugly.

-Jonathan Johnson
Sutinen Consulting, Inc.
www.sutinen.com

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Choosing Domain vs. Workgroup

2006-09-19 Thread David Dyer-Bennet

On 9/19/06, Felipe Augusto van de Wiel <[EMAIL PROTECTED]> wrote:
> On 09/18/2006 12:08 PM, David Dyer-Bennet wrote:
> > I thought I wanted to set up my Solaris file-server as domain
> > controller for my small home network, but the more I look at it the
> > less I'm sure.  Plus I'm having trouble doing it :-).
> >
> > I do plan to put my primary files (and other people's) on the server,
> > for better safety (mirrored disks, and ZFS) and backup.
> >
> > I certainly want the logon transactions over the network to be
> > encrypted, but I believe that can be done in a workgroup.
>
> You could think about Kerberos and other resources, LM
> passwords are not //that safe//. :)

Well, mostly it's a wired network, not wireless, and I'm reasonably
trusting of the people on the wired network (or, to put it
differently, since they live here, they have physical access any time
I'm out of the house, so they don't *need* to crack it from the stuff
on the network to compromise my system). And a switched network, so
snooping my traffic isn't all *that* easy.  And the wireless part is
WPA encrypted (or is it WAP?  Not WEP, anyway).

So I think I'm not going to try to introduce myself to Kerberos,
thanks all the same!

[snip]

> > And some of the machines are running XP home, since that's what came
> > on at least one of the laptops.  And one of them is a Mac.
>
> AFAIK, WinXP Home is not allowed to join domains.

That's what I've read, as well.  I was trolling for confirmation, kinda.

> > So, do I get any benefits by setting up a domain instead of just a
> > workgroup?  Can I even get all these machines to use a domain?
>
> I think you are going to lose instead of win, starting
> with the WinXP Home.

It's looking that way to me as well.  Well, I've got much more
experience using samba on workgroup setups, so maybe I'll get this
worked out soon once I give up on the domain stuff.

> > (Also a couple of previous postings yesterday got no answers *and*
> > don't seem to be in the list archives, so this is a test to make sure
> > I can post, too.)
>
> Looks like it works now. :)

Yes, thanks!
--
David Dyer-Bennet


Re: [Samba] Choosing Domain vs. Workgroup

2006-09-19 Thread Felipe Augusto van de Wiel
On 09/18/2006 12:08 PM, David Dyer-Bennet wrote:
> I thought I wanted to set up my Solaris file-server as domain
> controller for my small home network, but the more I look at it the
> less I'm sure.  Plus I'm having trouble doing it :-).
> 
> I do plan to put my primary files (and other people's) on the server,
> for better safety (mirrored disks, and ZFS) and backup.
> 
> I certainly want the logon transactions over the network to be
> encrypted, but I believe that can be done in a workgroup.

You could think about Kerberos and other resources, LM
passwords are not //that safe//. :)


> I'm not at all sure I want to put my home directory on the server.  I
> want to access my data files, but the home directory is pretty system
> specific for me and the systems have different software loaded and
> different OS versions -- this is not a corporate network!

You can keep it separated.


> There's no ldap or anything, the workgroup or domain will be its own
> source of information on who can log in.

Ok, no problem, you can use smbpasswd (tdbsam).


> And some of the machines are running XP home, since that's what came
> on at least one of the laptops.  And one of them is a Mac.

AFAIK, WinXP Home is not allowed to join domains.


> So, do I get any benefits by setting up a domain instead of just a
> workgroup?  Can I even get all these machines to use a domain?

I think you are going to lose instead of win, starting
with the WinXP Home.


> (Also a couple of previous postings yesterday got no answers *and*
> don't seem to be in the list archives, so this is a test to make sure
> I can post, too.)

Looks like it works now. :)

Kind regards,

--
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)
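
The LM-password concern and the tdbsam workgroup setup raised in this thread, as an added example that is not part of any poster's message: a Python check that flags LM and plaintext authentication settings explicitly enabled in an smb.conf [global] section. Both sample configurations are constructed, and only explicit settings are flagged because defaults differ between Samba releases.

```python
import configparser

# Constructed samples, not taken from the thread: a standalone workgroup
# server's smb.conf before and after tightening authentication.
WEAK_CONF = """
[Global]
   workgroup = HOME
   security = user
   passdb backend = tdbsam
   Encrypt Passwords = no
   lanman auth = yes
   client lanman auth = true
[data]
   path = /tank/data
   valid users = %U
"""
HARDENED_CONF = """
[global]
   workgroup = HOME
   security = user
   passdb backend = tdbsam
   encrypt passwords = yes
   lanman auth = no
   client lanman auth = no
"""

# (normalized parameter name, weak boolean value, what that value means)
RULES = [
    ("encryptpasswords", False, "server expects plaintext passwords"),
    ("lanmanauth", True, "server accepts LM (LANMAN) responses"),
    ("clientlanmanauth", True, "client tools may send LM responses"),
]
BOOL = {"yes": True, "true": True, "1": True,
        "no": False, "false": False, "0": False}

def audit_global(conf_text):
    """Return (parameter, reason) for [global] settings explicitly set weak."""
    # interpolation=None: smb.conf uses % macros such as %U
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    params = {}
    for section in cp.sections():
        if section.strip().lower() != "global":
            continue
        for key, value in cp[section].items():
            # smb.conf ignores case and whitespace in parameter names
            params["".join(key.lower().split())] = BOOL.get(value.strip().lower())
    return [(name, why) for name, weak, why in RULES if params.get(name) is weak]
```

Calling `audit_global(WEAK_CONF)` reports all three settings, while `audit_global(HARDENED_CONF)` returns an empty list.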


[Samba] Choosing Domain vs. Workgroup

2006-09-18 Thread David Dyer-Bennet

I thought I wanted to set up my Solaris file-server as domain
controller for my small home network, but the more I look at it the
less I'm sure.  Plus I'm having trouble doing it :-).

I do plan to put my primary files (and other people's) on the server,
for better safety (mirrored disks, and ZFS) and backup.

I certainly want the logon transactions over the network to be
encrypted, but I believe that can be done in a workgroup.

I'm not at all sure I want to put my home directory on the server.  I
want to access my data files, but the home directory is pretty system
specific for me and the systems have different software loaded and
different OS versions -- this is not a corporate network!

There's no ldap or anything, the workgroup or domain will be its own
source of information on who can log in.

And some of the machines are running XP home, since that's what came
on at least one of the laptops.  And one of them is a Mac.

So, do I get any benefits by setting up a domain instead of just a
workgroup?  Can I even get all these machines to use a domain?

(Also a couple of previous postings yesterday got no answers *and*
don't seem to be in the list archives, so this is a test to make sure
I can post, too.)
--
David Dyer-Bennet