(sorry in advance for the long post)

What I’m looking for:

Basically, without a lot of work to setup and maintain a Domain/Kerberos server, what’s the best way to provide consistent logins and remote folder/share (from a server) access across various Linux desktops


I’ve configured domain controllers using Samba. I’ve also configured Linux systems as domain-joined hosts. Between the two I tend to find that keeping talking - especially for systems that are only on infrequently - can be a bit troublesome. Updates sometimes break the Samba server, tokens expire, etc etc

I’ve also used NFS of various versions, but found v4 with the Kerberos implementation a bit finicky (for similar reasons to the SMB based implementation). NFSv3 of course is fairly fast and efficient, but lacks the user-level authentication and relies on IP’s for access-control.


Now it’s been awhile since I’ve given a shot at this except for some NFS shares between VMs and SSHFS for desktops, it would be nice to have a consistent but easily maintainable way to provided common shares for larger files (videos, albums, 3d models, and projects etc) without having to constantly troubleshoot. Maybe the domain/NFS route had gotten easier but it still seems to be fairly manual at times.

  • phxOP
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    10 months ago

    I do actually have a NextCloud instance, which I primarily use for editing Documents (via Collabora) or syncing backups of folders like Pictures etc from the phone.

    SMB/Samba by itself for just sharing folders I’ve had little issue with. Samba as a domain controller with domain-joined clients tied to domain logins is a more complicated beast and - in my experience -prone to breakage in my experience (expired tokens, certificate lifetimes, DNS integration, upgrade issues, etc) BUT it can provide a fairly complete package end-to-end when it works. I just feel that there should be a more Linux-centric/friendly and less bloaty solution that still others decent account-level security.

    When you ask “only on LAN” the answer is yes with the caveat that I do also work through VPN, but that’s often functionally the same thing save that the VPN login occurs after the user-login

    • MentalEdge@sopuli.xyz
      link
      fedilink
      arrow-up
      1
      ·
      10 months ago

      I don’t think you can get more “linuxy” than samba. You can go down to something simpler, like FTP, or SHHFS which is basically also FTP, but there’s no SMB equivalent that’s “more linux”.

      It’s all just different implementations of different protocols that exist, and SMB is used the most for a reason.