I want to switch from an old Windows Server 2003 server with Active Directory to a simple Ubuntu fileserver in a kind of school building with Windows XP client machines, with minimal impact on teachers' and students' habits. I want to make sure my approach is correct.

Before:

People logged in through Active Directory so that they got their personal configuration no matter which computer they were on (desktop icons, Outlook Express email account config...). Then they were granted access to the corresponding directories on the server.

After (what I am planning to do):

People log in to the generic User account (one user account on each PC; everybody uses every PC) and then try to access directories using a previously prepared list of shortcuts on the desktop. They enter their Samba user and password, and if it matches that directory's permissions, they access it.

This way they will have to set up their email accounts on only one particular computer. Maybe with Thunderbird, to have easy email user management. And older messages will have to be backed up.

Does this logging system make sense? Any other idea to simplify?

In the future, I plan to migrate printer sharing to Ubuntu also.

Falcon Momot
Rober
  • **Does this logging system make sense? Any other idea to simplify?** No. Not to put too fine a point on it, that's a stupid idea and only a stupid IT Professional would suggest it. You will greatly complicate securing the system this way (in fact you will make it impossible) and you will give the users a poorer user experience of the network than they probably have at the moment, assuming the Windows/AD config was done competently of course. – Rob Moir Oct 02 '13 at 09:58
  • Got it. Bad idea. BTW, are we downvoting for how confused I was as asker and how bad my ideas were, OR for how badly the question was explained/asked/detailed? – Rober Oct 02 '13 at 10:34
  • Lack of research effort - the reasons this is a bad idea are fairly basic principles. – Rob Moir Oct 02 '13 at 10:36

1 Answer

Normally, I would've flagged this question, but in the interest of the users and the general public I'll provide an answer anyway.

What you are trying to do is bad and degrades usability, privacy and maintainability. Having many users sharing one single account is just asking for trouble - especially in a school environment. Oh, the fun we had back then with setups of this kind... let me tell you, the school's IT admin could not really keep up with us kids, until some pros were brought in.

If you are going to replace Windows with Linux, please do it in a way which does not alienate users (this is applicable to any migration, btw) and stain the image of the Linux Desktop.

At the very least, learn to implement LDAP for centralized user management, for example with FreeIPA. You might even keep the AD server and connect your clients and Samba server to it, though keep in mind that this is a bit more advanced than just implementing LDAP from scratch.

Roman
  • I totally agree with Roman. It's a pretty bad idea removing centralized auth. I suggest you have a look at the OpenLDAP, Samba4 and winbind docs. Moreover, if you plan to migrate clients, AD can easily authenticate Unix boxes too, just by enabling the appropriate feature of the AD role. – Valerio Minetti Oct 02 '13 at 09:11
  • Ok. Understood. Totally changing the plan, then... – Rober Oct 02 '13 at 10:28
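
The answer's suggestion of keeping the AD server and connecting the Samba server to it, sketched as an `smb.conf` for a domain member server. This is an added example, not part of the original answer or comments; the domain `EXAMPLE`, realm `EXAMPLE.LOCAL`, the group names and the paths are placeholders.

```ini
# Constructed example: Samba file server joined to an existing AD domain
# as a member server. All names and paths below are placeholders.
[global]
    workgroup = EXAMPLE
    realm = EXAMPLE.LOCAL
    # Authenticate users against the domain instead of local Samba accounts
    security = ads

    # winbind maps domain users and groups to Unix UIDs/GIDs
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config EXAMPLE : backend = rid
    idmap config EXAMPLE : range = 10000-999999

    # Failed logins are rejected rather than mapped to a shared guest account
    map to guest = never

# Staff share: only members of the domain group "teachers" may connect
[teachers]
    path = /srv/samba/teachers
    valid users = @"EXAMPLE\teachers"
    read only = no
    guest ok = no

# Course material: students read, teachers read and write
[students]
    path = /srv/samba/students
    valid users = @"EXAMPLE\students", @"EXAMPLE\teachers"
    write list = @"EXAMPLE\teachers"
    read only = yes
    guest ok = no
```

With this layout every connection to a share is tied to a named domain account, so share permissions and server logs refer to individual users rather than to one generic login.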