Advice for user / access management

eRJe

Cadet
Joined
Oct 3, 2019
Messages
7
Hi,

I have an environment of Windows computers, Apple devices, Linux systems and of course FreeBSD (TrueNAS). With TrueNAS I share Samba shares in the network for all systems.

Most importantly, I would like to have central control of the Samba shares' user access. Secondly, I would like to have centralized user management for at least Linux and FreeBSD. Windows is a bonus. Apple stuff is not important.

What system (protocol) would be the way to go?

Thanks for your input :smile:
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
All of the mentioned OSes can join Active Directory. Look into AD-based solutions (either Microsoft or Samba-based). Note, this is not something to be taken lightly; you should study the relevant technologies carefully (LDAP, Kerberos, DNS, etc).
 

eRJe

Cadet
Joined
Oct 3, 2019
Messages
7
Because I have experience with AD within a 100% Windows environment, I've explored AD with SMB4 in the past but concluded it was too complicated. I didn't check on its current status, but back then I spent many evenings trying to set it up without much progress. Most likely because I did (do) not have enough background knowledge.

But I'd be happy if I can only centralise the user management for the Linux and FreeBSD systems. LDAP would then be sufficient, right?

During my reading I also discovered that I could move away from Samba and use NFS instead. All the OSes in my network support this. It's faster and provides better access management (right?). But I'm confused by a note in the FreeNAS 11.3-U5 User Guide (page 237). Although it's not the version I'm running, this should not have changed since. The note states that iSCSI is preferred over NFS when FreeNAS runs on an ESXi host. Reading the linked article, this is about using NFS shares as ESXi datastores. I'm not doing this.

Can I assume that creating NFS shares within TrueNAS (for my network shares only) will have no performance impact? (The note has been removed in more recent documentation).

Thanks for your help.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
> But I'd be happy if I can only centralise the user management for the Linux and FreeBSD systems. LDAP would then be sufficient, right?

Not if you want to use these credentials for SMB access. If security isn't a concern, then you can use NFSv3. Kerberos + NFSv4 is somewhat to significantly more fiddly than using SMB + Active Directory.
 