SAMBA?

lance

@Dashrender said:

I guess I'm missing something.

Even with Linux, you can have ACLs. Linux can participate in AD through LDAP and pass user credentials if they were ever needed.

That's where I am getting confused. I think I did read once that Linux can participate in AD through LDAP , but completely forgot about it since I have never used it. Thanks. If I ever needed to use it, does it work smoothly?

Dashrender

@lance said:

@Dashrender said:

I guess I'm missing something.

Even with Linux, you can have ACLs. Linux can participate in AD through LDAP and pass user credentials if they were ever needed.

That's where I am getting confused. I think I did read once that Linux can participate in AD through LDAP , but completely forgot about it since I have never used it. Thanks. If I ever needed to use it, does it work smoothly?

At this point I've exhausted all knowledge - I know it can be done, but like you have never done it.

Considering your situation - it sounds like this box would be a perfect SAM-SD platform! Maybe he can give you some pointers how to use it as storage and if needed you can set ACLs through one of your windows servers in the future? I would think this would only add a little complexity for possible huge payoffs in the future. and I think no need for Linux LDAP to AD integration.

scottalanmiller

@Dashrender said:

I guess I'm missing something.

Even with Linux, you can have ACLs. Linux can participate in AD through LDAP and pass user credentials if they were ever needed.

AD and ACLs are unrelated. One is directory and the other is filesystem. But yes, Linux can do both.

scottalanmiller

@Dashrender said:

SAMBA is a file sharing protocol not a file system.

If your server is running Linux, I'm pretty sure you wouldn't be using NTFS on it.

Samba is a server. SMB is a protocol.

Dashrender

@scottalanmiller said:

@Dashrender said:

I guess I'm missing something.

Even with Linux, you can have ACLs. Linux can participate in AD through LDAP and pass user credentials if they were ever needed.

AD and ACLs are unrelated. One is directory and the other is filesystem. But yes, Linux can do both.

Well presumably the OP doesn't want to have to maintain two separate user lists - I'm assuming with LDAP to AD integration that if he makes users on the Linux side to use for ACL then he'd have two logons for everyone who needed it, right?

scottalanmiller

@lance said:

@Dashrender said:

I guess I'm missing something.

Even with Linux, you can have ACLs. Linux can participate in AD through LDAP and pass user credentials if they were ever needed.

That's where I am getting confused. I think I did read once that Linux can participate in AD through LDAP , but completely forgot about it since I have never used it. Thanks. If I ever needed to use it, does it work smoothly?

That's not related to NTFS ACLs though.

scottalanmiller

@Dashrender said:

@scottalanmiller said:

@Dashrender said:

I guess I'm missing something.

Even with Linux, you can have ACLs. Linux can participate in AD through LDAP and pass user credentials if they were ever needed.

AD and ACLs are unrelated. One is directory and the other is filesystem. But yes, Linux can do both.

Well presumably the OP doesn't want to have to maintain two separate user lists - I'm assuming with LDAP to AD integration that if he makes users on the Linux side to use for ACL then he'd have two logons for everyone who needed it, right?

No need for a second LDAP service. Just bind Linux and/or Samba to AD. AD is an LDAP server.

lance

@scottalanmiller said:

@Dashrender said:

@scottalanmiller said:

@Dashrender said:

I guess I'm missing something.

Even with Linux, you can have ACLs. Linux can participate in AD through LDAP and pass user credentials if they were ever needed.

AD and ACLs are unrelated. One is directory and the other is filesystem. But yes, Linux can do both.

Well presumably the OP doesn't want to have to maintain two separate user lists - I'm assuming with LDAP to AD integration that if he makes users on the Linux side to use for ACL then he'd have two logons for everyone who needed it, right?

No need for a second LDAP service. Just bind Linux and/or Samba to AD. AD is an LDAP server.

I'm going to give it a shot. I will let you know how it goes.

scottalanmiller

Joining CentOS to Windows AD.

Youtube Video

Dashrender

@scottalanmiller said:

@lance said:

@Dashrender said:

I guess I'm missing something.

Even with Linux, you can have ACLs. Linux can participate in AD through LDAP and pass user credentials if they were ever needed.

That's where I am getting confused. I think I did read once that Linux can participate in AD through LDAP , but completely forgot about it since I have never used it. Thanks. If I ever needed to use it, does it work smoothly?

That's not related to NTFS ACLs though.

That's true - that's why I posted my first post the way I did - there was mixing of terms Samba and NTFS - not talking the same language one is a sharing protocol and the other drive format.

I suppose that the OP didn't specify if they wanted the ACL set at the share level or at the filesystem level. Actually he did, it was that he needed no permissions. Although in light of things like Cryptolocker - if users don't normally need write permissions there, I'd limit them to read only for the sake of things like Cryptolocker.