Comment on W10 small business environment proposed setup.

  1. Posts : 63
    Win 10 1803
       #11

    Also wanted to add: If you go with a Workgroup as opposed to a Domain (and its added expense), I would add the same users to the Primary Workstation as are on each of the Laptops to facilitate sharing.

    Then you could use JumpCloud to manage passwords/password changes for each user on the Laptops and the Primary Workstation as needed. I believe JumpCloud is still free for the first 10 users in your JC account, but if you use it, and find value with JumpCloud, you should definitely go paid as soon as you can afford it...

    For me, my issue with JumpCloud is not being able to figure out how to properly use/configure the JumpCloud LDAP...but that's on me... and if you are only using it (JumpCloud) to manage passwords/accounts, LDAP probably shouldn't come into play at all... I can easily change passwords on all my Windows and Linux Clients (at least Linux Passwords, but not Samba - yet) where I have the Jumpcloud agent running.

    Also, though I haven't tried setting it up (and don't have experience with O365/JumpCloud), you can also use JumpCloud to manage O365 - not sure how hard that is to set up though... Hopefully easier than (my understanding) of JumpCloud LDAP

  2. bro67's Avatar
    Posts : 8,353
    Mac OS Catalina
       #12

    abenavraham said:
    Also wanted to add: If you go with a Workgroup as opposed to a Domain (and its added expense), I would add the same users to the Primary Workstation as are on each of the Laptops to facilitate sharing.

    Then you could use JumpCloud to manage passwords/password changes for each user on the Laptops and the Primary Workstation as needed. I believe JumpCloud is still free for the first 10 users in your JC account, but if you use it, and find value with JumpCloud, you should definitely go paid as soon as you can afford it...

    For me, my issue with JumpCloud is not being able to figure out how to properly use/configure the JumpCloud LDAP...but that's on me... and if you are only using it (JumpCloud) to manage passwords/accounts, LDAP probably shouldn't come into play at all... I can easily change passwords on all my Windows and Linux Clients (at least Linux Passwords, but not Samba - yet) where I have the Jumpcloud agent running.

    Also, though I haven't tried setting it up (and don't have experience with O365/JumpCloud), you can also use JumpCloud to manage O365 - not sure how hard that is to set up though... Hopefully easier than (my understanding) of JumpCloud LDAP
    There is no messing with LDAP with Jumpcloud. It is meant to be used with Cloud services in mind, so that those who remote connect/commute, have access to what they need and are controlled as to what services they can access. Plus their password changes from the Jumpcloud Console, no longer having to go through multiple hoops to change a bunch of cloud services access, along with locking users out if need be.

  3. Posts : 63
    Win 10 1803
       #13

    bro67 said:
    There is no messing with LDAP with Jumpcloud. It is meant to be used with Cloud services in mind, so that those who remote connect/commute, have access to what they need and are controlled as to what services they can access. Plus their password changes from the Jumpcloud Console, no longer having to go through multiple hoops to change a bunch of cloud services access, along with locking users out if need be.
    Sorry bro67 - Not sure what you are saying.

    I am able to manage users/passwords on both Windows and Linux Clients with JumpCloud agent installed (just your average basic stuff). I haven't had a need to go beyond that with any "cloud" services being controlled via the JC console.

    Where I am running into issues is getting my Linux Samba server (Samba4 on Ubuntu 18.04) to use Jumpcloud LDAP/SAMBA for authentication properly configured. I can't find exact instructions on how to configure my SMB.CONF file to allow JC LDAP as the "password backend". I'm sure that this is where I am going wrong but:

    As per Jumpcloud "support" docs I have tried many different things to make it work and was never successful. JC does provide a sample "smb.conf" file but it seems to be lacking in instructions and the docs even say somewhere on one of the support doc pages that due to differences in distributions that they (paraphrased) "can't give exact instructions". However my Samba server is a default install of Samba4 on Ubuntu (18.04) so I don't understand why I can't get more detailed instruction for such a basic install.

    Bottom line is that if I can't make it work as it is implied that it should, and can't get help doing it, then I won't use the product.

    Here is a blurb from JC on what I should be able to do with JC LDAP and Samba, but for me it doesn't work:

    Samba File Server and NAS Authentication with JumpCloud

    I do believe that if I had one of the supported NAS devices that I would have much less trouble making this work, however this is a simple DIY Samba server running on Ubuntu 18.04 and so far I have had no luck.

    I attribute this failure to my not understanding what should go where in my Samba config due to me being less than conversant with JumpCloud LDAP and the more involved intricacies of Samba, particularly Samba4.

    I feel that there are gaping holes in not just my knowledge, but also on instruction from JumpCloud on this issue...

    I am able to set up Domain Controllers using both Zentyal and NethServer, but that is primarily due to the fact that both those distros make it incredibly easy. Probably if I tried to roll my own Samba4 Domain controller from scratch I would probably fail at that also... Thank goodness for Zentyal and NethServer ;-)

  4. Posts : 63
    Win 10 1803
       #14

    bro67 - Also wanted to add - if you know of any links for configuring Samba to allow JC LDAP to authenticate my Samba Shares that would be awesome! I think I have searched all the docs about this on the JumpCloud website, but it still doesn't work. Any outside links you know of might be helpful... Thanks!

  5. bro67's Avatar
    Posts : 8,353
    Mac OS Catalina
       #15

    You do not have to configure SaMBa for Jumpcloud. You install the agent for Linux and it takes over from there. I have zero issues managing a Ubuntu workstation.

  6. Posts : 63
    Win 10 1803
       #16

    bro67 said:
    You do not have to configure SaMBa for Jumpcloud. You install the agent for Linux and it takes over from there. I have zero issues managing a Ubuntu workstation.
    I have to disagree with you on this. It isn't working for me.

    I also have no issue managing the Users and Linux Passwords via the JumpCloud agent for my Linux Clients. That works without issue. Where the issue arises is if I do a password change via the JumpCloud Console. Yes I can log into the Linux client with the new password, BUT the SAMBA password is NOT updated and only works with the old password.

    Somewhere in the smb.conf file there should be an "LDAP section" added - I can only guess that it is added during the agent installation, BUT that apparently isn't happening on my Server. No change is being done to my smb.conf at all. There is no LDAP section (as shown in the Jumpcloud sample smb.conf) being created which points back to the JC LDAP server as the "passdb backend" (see below) so the Samba password is not being updated. The only way I can have the new Samba password applied is to directly change it with the smbpasswd command on the server. Which sorta defeats the purpose of trying to use the JumpCloud console to manage things...

    Here is a section that I modified to match what was in the sample smb.conf file from JC, but it doesn't work:
    -------------------------------------------------------------------------------------------------
    [global]
    workgroup = WORKGROUP
    server string = Samba Server %v
    log file = /var/log/samba/log.%m
    # For debugging enable the log level of 5
    log level = 5
    max log size = 50
    idmap config * : backend = tdb

    # LDAP Settings
    ldap suffix = dc=jumpcloud,dc=com
    # ldap admin dn = uid=ldap,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com
    ldap admin dn = uid=smb_bind,ou=Users,o=0000000000000000000000000000dc=jumpcloud,dc=com
    ldap ssl = no

    passdb backend = ldapsam:ldaps://ldap.jumpcloud.com:636
    -------------------------------------------------------------------------------------
    Note: I replaced my JC ID with 0's.

    So, as far as I can tell, just simply installing the agent works for Linux User add/deletes and Password changes on my Linux clients, but NOT for changing the Samba password. I am at the moment having to do that "manually" on the server. The server doesn't seem to be picking up the change and that is where I believe the LDAP settings on the server's smb.conf has to come into play and I don't have that configured properly ...

    I would love to hear from you where you think I am going wrong, but it ISN'T working for me as you described above by just simply installing the JumpCloud agent...
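An added example, not part of the thread and not JumpCloud's or Samba's own code: a small offline checker for the `ldapsam` settings in the `[global]` section posted in #16. It tests only what can be verified from the file text: that `ldap admin dn` sits under `ldap suffix`, and that the LDAP bind is encrypted. The function names are hypothetical, and the missing comma it reports in the posted DN may simply be a side effect of the poster zeroing out the org ID.

```python
import re
# Constructed sample: the [global] section as posted in #16 (org ID zeroed by the poster).
POSTED = """\
[global]
idmap config * : backend = tdb
ldap suffix = dc=jumpcloud,dc=com
ldap admin dn = uid=smb_bind,ou=Users,o=0000000000000000000000000000dc=jumpcloud,dc=com
ldap ssl = no
passdb backend = ldapsam:ldaps://ldap.jumpcloud.com:636
"""

def parse_global(text):
    """Return the [global] parameters as {normalized lowercase name: value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[" ".join(name.lower().split())] = value.strip()
    return params

def rdns(dn):
    """Split a DN on unescaped commas (simplified: no multi-valued RDNs)."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def check_ldapsam(text):
    """Return findings for the ldapsam-related settings in smb.conf text."""
    p, findings = parse_global(text), []
    backend = p.get("passdb backend", "").lower()
    if not backend.startswith("ldapsam"):
        return ["passdb backend is not ldapsam; Samba passwords stay in the local database"]
    suffix, admin = rdns(p.get("ldap suffix", "")), rdns(p.get("ldap admin dn", ""))
    if not admin:
        findings.append("ldap admin dn is not set, so Samba has no bind identity")
    elif not suffix or admin[-len(suffix):] != suffix:
        findings.append("ldap admin dn does not end with ldap suffix; check the commas between RDNs")
    # Assumption: an unset 'ldap ssl' behaves as 'start tls' (Samba's documented default).
    start_tls = p.get("ldap ssl", "start tls").lower() in ("start tls", "start_tls")
    if "ldaps://" not in backend and not start_tls:
        findings.append("bind password would cross the network unencrypted; use ldaps:// or start tls")
    return findings

if __name__ == "__main__":
    for finding in check_ldapsam(POSTED):
        print("FINDING:", finding)
```

The checker cannot see whether the password for `ldap admin dn` has been stored with `smbpasswd -w`, which `ldapsam` needs before it can bind to the directory at all.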

  7. jimbo45's Avatar
    Posts : 10,493
    Windows / Linux : Arch Linux
       #17

    Hi there

    @abenavraham

    I unlike others would actually go for the domain route -- you can get smallish ones for very cheap prices (also if it's a business remember you can get tax allowances for various expenditures).

    On the domain you can set up a website really easily with Wordpress (usually free on hosted domains), your own mail server with a decent number of email addresses and you can store and share file content easily enough. If you also want to do any e-commerce this is the way to go as well as you can get bespoke e-commerce stuff priced even if you are a "sole trader" --i.e 1-man business.

    In the office you could get a NAS but personally I'd start with the domain route as it's a lot less hassle and probably cheaper to start up with. Just ensure the applications you want to run are available on our domain server.

    You could also consider services like azure etc (100% cloud infrastructure) -- depends on what you need to do -- but if I'm running a small business I'd want to be up and running making money ASAP rather than having to deal with a whole slew of I.T Issues.

    For some people the I.T part would be the "Real part" --that's fine for I.T Pros at large businesses say like SHELL etc but a small business you need to get to the "Cash generating bit" ASAP. I.T infrastructure to get right can be hideously expensive.

    Didn't even AMAZON take a long time and a huge investment before it started amassing profits.

    Anyway good luck and welcome to "The Gig Economy".

    For 4 users or so I think Br067 makes it far too complex.

    First test the NAS stand alone -- no LDAP or any of that other rubbish - especially with only 4 users

    then a very simple samba.conf -- start slowly - just share 1 file with 1 user.

    I'd also use something like CENTOS as it's as stable as a rock based entirely on a very successful commercial server out there RHEL Enterprise - used worldwide in 100,000's of sites etc.

    Let's know in more detail what you are trying to do -- as I think Br067 often gets a bit blinded with science. START FROM SIMPLE CASES FIRST.

    Cheers
    jimbo

  8. Posts : 63
    Win 10 1803
       #18

    jimbo45 said:
    Hi there @abenavraham First test the NAS stand alone -- no LDAP or any of that other rubbish - especially with only 4 users then a very simple samba.conf -- start slowly - just share 1 file with 1 user. I'd also use something like CENTOS as it's as stable as a rock based entirely on a very successful commercial server out there RHEL Enterprise - used worldwide in 100,000's of sites etc. Let's know in more detail what you are trying to do -- as I think Br067 often gets a bit blinded with science. START FROM SIMPLE CASES FIRST. Cheers jimbo
    Sorry jimbo, I think you misunderstand... I'm already conversant with setting up a Domain Controller, etc. and do so for the Small Businesses I support.

    My NAS comment was only pointing out that JumpCloud would probably be a much easier setup for JumpCloud/Samba integration on the NAS rather than (like me) a "roll your own Samba Server" that integrates with JumpCloud LDAP. All the interface programming is already done on the NAS by professionals and on a NAS it is just a matter of Point, Click and type.

    All I'm trying to do is figure out how to get Samba on my server to update its passwords when I use the Jumpcloud Console to change a user's password. As mentioned above the Linux Password for the client changes without issue when I change it from the console but the SAMBA password doesn't.

    I really like the "idea" of JumpCloud and being able to manage Linux Clients (and Windows clients FWIW) from the console and am experimenting with it (JumpCloud that is) in hopes of being able to roll it out as one of the services that I can offer to set up for clients, BUT until I figure out where I am going wrong in setting up JumpCloud/SAMBA to be able to also update the Samba Passwords, then I can't recommend JC to any client.

    I am hoping to offer to roll out to my clients alternatives to having to use Windows at all - both Windows 10 and Windows Server, especially since Microsoft has decided to end Windows Server essentials in the future. Both Windows Small Business Server as well as Essentials offered fairly good value to Small Businesses and MS may well have something to fill the niche after Essentials dies, but as far as I know they haven't announced anything yet...

    So, for now, I am focusing on moving any of my clients that wish to do so to an infrastructure that uses a Samba4 Domain Controller (Zentyal or NethServer) and Linux Clients (I'm partial to Ubuntu, but am seeing fewer issues setting up CentOS7 Clients in a domain).

    I just have a lot of clients that are tired of Microsoft and especially the ongoing fiasco that Windows 10 is with its CONSTANT flawed updates and are seriously considering alternatives to MS. And I would like to provide that alternative to them, including _possibly_ JumpCloud, but I gotta get the Samba Password problem sorted first b4 I can recommend it.

  9. bro67's Avatar
    Posts : 8,353
    Mac OS Catalina
       #19

    , you need to start your own thread. There are plenty of forums out there regarding Linux and SaMBa. Jumpcloud will respond very quickly if you are having issues setting up your Linux clients to work with their service. At this time, your points are valid, but have nothing to help the OP with.

    You do not have to do anything with SaMBA to get Jumpcloud's client to work with their LDAP as a Service. As for a NAS, they have information on their website in the knowledge base, to walk you through setting up a NAS with their service.

  10. Posts : 63
    Win 10 1803
       #20

    bro67 said:
    , You do not have to do anything with SaMBA to get Jumpcloud's client to work with their LDAP as a Service.
    You sir are 100% wrong about the JumpCloud agent configuring Samba and here is a reply I got from JumpCloud support confirming that, and DIRECTLY contradicting you. So you can take your uppity attitude and stick it. I've seen other posts from you that are in fact dead WRONG as well, so why don't you take your INCORRECT advice and attitude somewhere else. You have NO idea what you are talking about!
    I'm done with you and this forum where the only advice given, ESPECIALLY by you, is BAD advice!

    Subject: JumpCloud LDAP and Samba Password Updates

    NOV 13, 2018 | 03:51PM MST
    Andrew Hendrickson replied:
    Hi Aaron,
    Thanks for contacting JumpCloud Support. The JumpCloud agent will manage the Linux users on that machine, but not the Samba users. You will need to configure LDAP in this situation. Below is some information on integrating Samba with JumpCloud LDAP:
    https://support.jumpcloud.com/custom...ticles/2873709
    Please take a look at this information and let me know if this helps.
    Thanks,
    Andrew Hendrickson
    Customer Success Engineer
    JumpCloud