Please make sure you tell me if I'm wrong in any way in my "*** WORTH NOTING ***" sections below...
1) First Step: Remove my FreeNAS box from my existing domain:
*** WORTH NOTING ***
- I can take FreeNAS out of the domain but destroying my entire domain is not an option.
- I'm hoping that this solution will work alongside a domain environment.
- Expected results; Have a client PC (MARS) log on to the FreeNAS box (fn1) using user 'arvo' (local FreeNAS user) while logged on to the domain as 'arvo.bowen@galaxy.local'.
- MARS is on a domain (galaxy.local), fn1 is NOT on a domain.
Now in saying all that, what are the best steps in removing my FreeNAS box from the domain? I turned off the Directory Services service, I went into settings and changed the Directory Service setting from "Active Directory" to "---------".
Would that be sufficient?
2) Second Step: Setting FreeNAS up to work in a WORKGROUP inside of a DOMAIN environment:
*** WORTH NOTING ***
- I plan on using the workgroup name "GALAXY" and this will work around the domain name "galaxy.local"
- FreeNAS will ONLY be using an internal user database. All other PCs and servers will be using the domain's (AD) user database.
You say in CIFS settings 'Local Master: Checked' and 'Time Server for Domain: checked'. My "local master" would be the domain server. If I have FreeNAS as my local master would that not cause conflicts on my domain? Also my NTP server is my DC also... Can I just leave those two unchecked for now? Or do you know for a fact that those are needed to make it work?
One last question (right now) to ask on this big change... When this is all said and done, can the following be accomplished?...
FreeNAS Server (fn1):
- Workgroup "GALAXY"
- Users "Administrator", "xbmc", "arvo"
-> Administrator = xbmc_rw member
-> xbmc = xbmc_r member
-> arvo = xbmc_rw member
- Groups "xbmc_r", "xbmc_rw"
- Share "xbmc"
-> xbmc_r = read only access
-> xbmc_rw - read/write access (Full)
Client PC (MARS):
- Domain "galaxy.local"
- Logged on user "arvo.bowen@galaxy.local"
- Browse to fn1 and use user name "arvo"
- Access "xbmc" share and have full control
Client PC (LRHTPC):
- Domain "galaxy.local"
- Logged on user "xbmc@galaxy.local"
- Browse to fn1 and use user name "xbmc"
- Access "xbmc" share and have read only
Client PC (BRHTPC):
- Workgroup "GALAXY"
- Logged on user "xbmc"
- Browse to fn1 and use user name "xbmc"
- Access "xbmc" share and have read only
EDIT - Question
Next create a group, let's call it "my-group".
Next create two user accounts, one will be the owner of the NAS (all the files), and the second will be an underprivileged account. Let's call them "myadmin" and "myuser" for the sake of this document. Make sure the myadmin account is a member of the "wheel" group and make sure myuser is a member of my-group. Use the FreeNAS web GUI to do all of this. Also, I would recommend that you don't have these same named accounts on the Windows box, since it makes it harder to see what account you are actually accessing the share as. Later, once it is working you can make changes to match the accounts to windows to make things easier.
This concerns me... I need to make sure I'm clear on this... I do not want to involve the "wheel" group. For example, above... The local user 'arvo' needs Full control over the 'xbmc' share but NOT over everything in the volume I created. So using the "wheel" group would be counterproductive. Wheel is the equivalent to the domain admin group... It would let that user do ANYTHING anywhere if I'm not mistaken.