Hello there.
I usually manage Linux servers on the internet and I never bothered with Windows and how it manages users and credentials in the network, so I'm asking for a little help here.
There's a LAN with some Windows XP Pro and some Windows 7 Pro systems, no domain controller nor anything fancy. There's a strict 1:1 relation between human beings and PCs and Windows users and IPs (1 person = 1 desk = 1 PC = 1 static IP address = his Windows user).
We want to add a FreeNAS and build some shares with the following requirements:
- one share should be accessible to every system on the LAN
- one share should be accessible only to some PCs/users (let's say they are A, B, C)
- one share should be accessible only to some other group, with some users also part of the former (let's say they're users C, D, E)
- one share should be dedicated to Windows Backup scheduled runs
- people should be free to change their local Windows password without requiring a central authority to update network credentials (i.e. the password they need to log in to the local Windows OS and use their computer)
- that actually means the network password of the same user could, and should, remain the same without changing
- it's ok if there is need for an administrator to actually change a user's network password
- there's no need to track different 'owners' or 'groups' for a share contents (files and directories), everything that is inside a share should be accessible r/w to everyone who has access to that share
I was thinking about creating one user in FreeNAS for every human being of the LAN and assigning a password, then configuring all the CIFS shares to allow access to relevant users but then "force guest" so all files on the FreeNAS side actually belong to the same user. In my mind Windows should ask for user and password on the first connect to the shares and then remember the password for future logins / power-ons and never ask for it again, even if the user changes their Windows login password. Am I assuming it right?
I could then do whatever I want with the backup share as long as Windows Backup does work - I could leave it without 'force guest' so people will not be allowed access to each other's backups.
Another idea is to give up working with users on the FreeNAS side at all, put everything under guest and just control access to shares based on the IP address of the client (not the best in the world but perfectly acceptable on this specific LAN).
As I'm really Windows-ignorant, I'm seeking confirmation and/or advice on the above plan because I'm not really sure how those systems will react to using network credentials (on FreeNAS/CIFS) different from the local ones (password of the local Windows user). I tried doing some googling but the SNR is really low... there's plenty of material about integrating FreeNAS or other Samba-based systems in an existing AD domain or about trying to implement an AD controller on Samba, but I haven't been able to find useful material about users on a 'workgroup' LAN...
Any help will be appreciated, many thanks. I hope I'm posting in the right section of the forum, just tell me if I'm not or simply some moderator please move/delete my post.
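
An added example, not part of the original post: the share layout described above written as plain Samba `smb.conf` stanzas, with per-user authentication on the restricted shares and a single owning account for their contents. It assumes standard Samba parameters (`force user` stands in for the "force guest" setting the post mentions); the user names `a` to `e`, the `nasshare` account, the paths and the subnet are placeholders.

```ini
# Constructed example. Users a..e, account "nasshare", paths and subnet are placeholders.
[global]
    workgroup = WORKGROUP
    security = user
    # Unknown user names fall back to guest, which only [public] accepts
    map to guest = Bad User
    # Extra layer from the post's second idea: only the LAN may connect
    hosts allow = 192.168.1.0/24 127.0.0.1

[public]
    path = /mnt/tank/public
    guest ok = yes
    read only = no
    force user = nasshare

[team1]
    path = /mnt/tank/team1
    valid users = a b c
    read only = no
    # Every file is created as one account, so ownership never blocks a member
    force user = nasshare
    create mask = 0660
    directory mask = 0770

[team2]
    path = /mnt/tank/team2
    valid users = c d e
    read only = no
    force user = nasshare
    create mask = 0660
    directory mask = 0770

[backup]
    # %U expands to the authenticated user name; each directory must exist
    # and be owned by that user. No force user here, so backups stay private.
    path = /mnt/tank/backup/%U
    valid users = a b c d e
    read only = no
    create mask = 0600
    directory mask = 0700
```

Running `testparm` against the resulting file reports syntax errors and unknown parameters before the service is restarted.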