We are looking at migrating all of our shared folders and files to one server. Currently it’s spread out over a few servers, which has been the method for the past years, but now we want to upgrade and consolidate.
We have been kicking around the idea of a Linux (Ubuntu to be exact) based file & print server. I’m familiar with the OS, but what I’m not sure of is how to migrate the Windows shares (including user access rights, security, etc.) over to the Linux machine and maintain those rights.
Another thing I’m not positive about is interlinking the Linux box with our Windows based LDAP for those permissions to be implemented. I know there is the Kerberos daemon which works fine within our domain but in the security and access control of a particular share via Samba we cannot select users from the domain to be “authorized” to use the share.
Info: I’m using Webmin to access the “GUI” of the Samba shares.
Mostly looking for information and literature on this, but if it becomes too troublesome we may have to stick with the Windows Server OS, which we are trying to avoid just to save a few bucks and some overhead on the machine’s performance.
Thanks in advance for any information!
The CIFS/Samba implementation in FreeNAS is excellent; we have several FreeNAS boxes and VMs going in an Active Directory environment, using AD for permissions on the shares. It’s also extremely easy to set up and configure.
Once we’ve set up the FreeNAS box and enabled the CIFS/Samba service, we add the following to the ‘Auxiliary Parameters’ box in the CIFS service settings:
    client use spnego = yes
    winbind enum groups = no
    winbind enum users = no
    winbind separator = +
    winbind use default domain = yes
    wide links = no
Some of this may be unnecessary, but make sure to keep the ‘wide links = no’ in there as it mitigates a potential Samba directory traversal vulnerability.
You can then create your shares. To set permissions via AD, we would add the following line to the ‘Auxiliary Parameters’ box for each individual share with the groups and/or users we want to have access to the share:
    Valid Users = @OURDOMAIN+Somegroup @OURDOMAIN+'Some Other Group' OURDOMAIN+someuser OURDOMAIN+someotheruser
Note the groups preceded by ‘@’, everything is separated by spaces, and groups or users with a space in their name are single-quoted.
FreeNAS installs and runs on FreeBSD rather than Linux, which allows it to include things like ZFS, but if you’re determined to use Linux, OpenFiler is the Linux-based version of the same project.
If you do want to roll your own rather than use one of these distros (though they will simplify things for you immensely), you also might want to look into Likewise as an alternative to Samba for getting your box on the AD domain.
EDIT: Wow, sounds like you’ve got a lot of shares to migrate — you may be able to script the addition of new shares, but be careful — the smb.conf file gets overwritten from the /conf/config.xml file in FreeNAS each time the system restarts. You might be able to create the xml share definitions from your sharenum output to then paste into config.xml, using an example share you make as the template, but these get their own uuid from FreeNAS so I’m not sure how that will work — I suggest experimenting after install and before you migrate.
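Because smb.conf is regenerated on restart and the shares may be scripted in bulk, it helps to check the resulting file after a migration. The following is an added example, not part of the answer above: it parses an smb.conf, decodes each share's `valid users` list using the configured winbind separator, and reports shares that enable wide links or have no `valid users` restriction. The share names and paths in the sample are constructed.

```python
import configparser
import shlex

# Constructed sample smb.conf using the answer's parameters; shares and paths are made up.
SAMPLE = """
[global]
winbind separator = +
winbind use default domain = yes
wide links = no

[finance]
path = /mnt/tank/finance
valid users = @OURDOMAIN+Somegroup @OURDOMAIN+'Some Other Group' OURDOMAIN+someuser

[scratch]
path = /mnt/tank/scratch
wide links = yes
"""

def parse_valid_users(value, sep="+"):
    """Split a 'valid users' value into (kind, domain, name) tuples."""
    out = []
    for tok in shlex.split(value):      # honours the single-quoted names
        kind = "group" if tok.startswith("@") else "user"
        domain, found, name = tok.lstrip("@").partition(sep)
        if not found:                   # no separator: default-domain or local name
            domain, name = "", domain
        out.append((kind, domain, name))
    return out

def audit(conf_text):
    """Return {share: [findings]} for shares that need attention."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(conf_text)
    glob = cp["global"] if cp.has_section("global") else {}
    sep = glob.get("winbind separator", "\\")   # Samba's default separator is a backslash
    findings = {}
    for share in cp.sections():
        if share.lower() == "global":
            continue
        sec, issues = cp[share], []
        if sec.get("wide links", glob.get("wide links", "no")).lower() in ("yes", "true", "1"):
            issues.append("wide links enabled")
        if not parse_valid_users(sec.get("valid users", ""), sep):
            issues.append("no valid users restriction")
        if issues:
            findings[share] = issues
    return findings
```

Running `audit()` on the contents of the live smb.conf after each restart shows whether the per-share restrictions survived the regeneration from config.xml.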