    AzureAD and shares

    • brandon220 @scottalanmiller

      @scottalanmiller said in AzureAD and shares:

      @brandon220 said in AzureAD and shares:

      The more OSS you have, the lower your score will be.

      Remember, all SEC regulated banks are 100% core on OSS. All, 100%. No exceptions. And their security is a million times the needs, audits, and requirements of small banks and little financials. In the REAL financial world, better security means better scores.

      Literally, I'd consider legal action here. As the IT adviser, you have a legal requirement to let them know that they are being scammed and have a legal requirement to take action.

      Exactly. Our main core is 100% Unix. Makes no sense how they come up with this stuff.

      • brandon220 @Obsolesce

        @Obsolesce Yes. Unbelievable.

        • scottalanmiller @brandon220

          @brandon220 said in AzureAD and shares:

          @Obsolesce Yes. Unbelievable.

          Worse, is that someone pays and/or believes them. How could it come to that?

          • brandon220 @scottalanmiller

            @scottalanmiller As far as samba goes - if they could manage it with Cockpit or the likes, it would be an easy choice.

            • Obsolesce @scottalanmiller

              @scottalanmiller said in AzureAD and shares:

              @brandon220 said in AzureAD and shares:

              @Obsolesce Yes. Unbelievable.

              Worse, is that someone pays and/or believes them. How could it come to that?

              Someone better call up Linus Torvalds and tell him his kernel isn't secure enough for financial institutions and so to do a better job.

              • brandon220

                That "tool" comes directly from https://www.ffiec.gov/ and it is apparently the "Gold Standard" that all financial institutions are graded by. It is a glorified Excel file with multiple tabs.

                • brandon220

                  I know @Obsolesce uses samba too. How well does this work if the MS users connecting to samba sign in to their PCs with MS accounts instead of local user accounts? Basically, does it work properly with email addresses for usernames? I don't use MS accounts personally and have never tried to connect to a samba share that way.

                  • scottalanmiller @brandon220

                    @brandon220 said in AzureAD and shares:

                    That "tool" comes directly from https://www.ffiec.gov/ and it is apparently the "Gold Standard" that all financial institutions are graded by. It is a glorified Excel file with multiple tabs.

                    That's so weird, because it's directly in opposition to SEC rules.

                    • scottalanmiller @brandon220

                      @brandon220 said in AzureAD and shares:

                      I know @Obsolesce uses samba too. How well does this work if the MS users connecting to samba sign in to their PCs with MS accounts instead of local user accounts? Basically, does it work properly with email addresses for usernames? I don't use MS accounts personally and have never tried to connect to a samba share that way.

                      I thought that they were dropping those weird things for local or AD?

                      • scottalanmiller @Obsolesce

                        @Obsolesce said in AzureAD and shares:

                        @scottalanmiller said in AzureAD and shares:

                        @brandon220 said in AzureAD and shares:

                        @Obsolesce Yes. Unbelievable.

                        Worse, is that someone pays and/or believes them. How could it come to that?

                        Someone better call up Linus Torvalds and tell him his kernel isn't secure enough for financial institutions and so to do a better job.

                        Someone had better tell EVERY bank and the SEC, too. And the stock exchanges.

                        • scottalanmiller @brandon220

                          @brandon220 said in AzureAD and shares:

                          @scottalanmiller As far as samba goes - if they could manage it with Cockpit or the likes, it would be an easy choice.

                          Cockpit, WebMin, or most any NAS. Check out ReadyNAS or Synology.

                          • JaredBusch @scottalanmiller

                            @scottalanmiller said in AzureAD and shares:

                            @brandon220 said in AzureAD and shares:

                            @scottalanmiller As far as samba goes - if they could manage it with Cockpit or the likes, it would be an easy choice.

                            Cockpit, WebMin, or most any NAS. Check out ReadyNAS or Synology.

                            Yeah, if you want stupid humans to do things, then you need to just buy a Synology.

                            • Dashrender @scottalanmiller

                              @scottalanmiller said in AzureAD and shares:

                              @brandon220 said in AzureAD and shares:

                              If it were for me, it would be samba 100%. I have to "fight" people all the time who will argue to the death that they don't want a Linux server of any type, because it is "free" and "not secure".

                              I feel like you have a really low opinion of these people, not technically, but as people. You think that they are capricious, illogical, and out to screw their business for emotional / personal reasons (e.g. willing to hurt the business without any concerns for what is good for it, just what sounds good to them personally.) I find that IT often feels this way about businesses, but once I speak to them, they were never like that. Literally had this happen with a bank four days ago. I bet if you present the real reasons, they aren't running a bank and this crazy. It might feel that way, but I bet if presented with good logic and factors, they are probably way more sane and trying to do a good job than you think.

                              Boy I would love to believe this - but I simply don't.

                              I've seen case after case where internal resources gave those good logic and factors and management still dismissed it out of hand for their own personal reasons. But the moment a third party is brought in, especially if they are paying that consultant - they will change their tune in an instant - at least until the consultant is gone.
                              Also, let's assume you do get them to let you install a FOSS solution where the onsite personnel couldn't - the MOMENT the onsite personnel have an issue - OMG that FOSS shit is just trash, I can't believe you wanted it, etc, etc, etc... instead of - oh, this is a normal part of IT, research it and get it fixed - oh.. and here's some money/time so you can get better educated on the solutions we are using.

                              • Dashrender @scottalanmiller

                                @scottalanmiller said in AzureAD and shares:

                                @brandon220 said in AzureAD and shares:

                                @scottalanmiller said in AzureAD and shares:

                                @brandon220 said in AzureAD and shares:

                                The more OSS you have, the lower your score will be.

                                Then it's an anti-audit. I mean it's that easy. If they are specifically penalizing security, that literally makes these guys social engineers / hackers. Instantly, you have a requirement to ban them from the company. Financial regulations actually make that criminal.

                                Not to derail this thread, but I deal with this every year. These auditors come in and HAVE to find something "wrong" even though what they find are not actual problems. It just justifies the money spent for the audit. I know there are others on here who deal with these auditors. They know exactly how bad it is.

                                Right, so you have a criminal activity going on for personal gain. The bank needs to understand that the auditors are being paid to put them at risk, because that's how they get compensated. Doesn't change that it's illegal.

                                This is clearly totally the wrong mindset for both the auditors and the audited. If anything both should be hoping that they don't find anything.

                                • Dashrender @scottalanmiller

                                  @scottalanmiller said in AzureAD and shares:

                                  @brandon220 said in AzureAD and shares:

                                  @Obsolesce Yes. Unbelievable.

                                  Worse, is that someone pays and/or believes them. How could it come to that?

                                  Because those who are paying for those audits simply don't know any better - and the advertising for said auditor is better than anything the local IT group can give.

                                  • Dashrender @scottalanmiller

                                    @scottalanmiller said in AzureAD and shares:

                                    @brandon220 said in AzureAD and shares:

                                    I know @Obsolesce uses samba too. How well does this work if the MS users connecting to samba sign in to their PCs with MS accounts instead of local user accounts? Basically, does it work properly with email addresses for usernames? I don't use MS accounts personally and have never tried to connect to a samba share that way.

                                    I thought that they were dropping those weird things for local or AD?

                                    Well - @brandon220 has two choices - use MSA (Microsoft Accounts) or purely local to the machine accounts.

                                    Actually he has a third as long as he has O365.
                                    O365 comes with a lite version of Azure AD. You can join your Win10 machines to it, and users can roam between PCs via this authentication method. No extra cost needed outside the base license for O365.

                                    So now the question becomes - can Samba use usernames like [email protected]? If it can, then there shouldn't be any issue.

                                    • Dashrender @brandon220

                                      @brandon220 said in AzureAD and shares:

                                      My best option IMO is to spin up 3 new VMs - 2 AD/DNS and 1 file server.

                                      Where are you planning on hosting this? I have to assume you don't mean to buy two servers, and set up AD/DNS on each of them, plus then set up a file server on one of them as well? That would be hardware overkill for something like this.
                                      So assuming you did go with a single server - then you're down to two VMs - 1 AD/DNS and 1 file server.

                                      Another option would be 1 NAS, and simply map it to everyone's computer.

                                      You mentioned managing local user accounts - do users move around and use other people's computers? Or are they mainly only on their own? If they are mostly single use, a NAS is likely the best option. You'll build the users on the NAS and be done with it.

                                      • Obsolesce @brandon220

                                        @brandon220 said in AzureAD and shares:

                                        I know @Obsolesce uses samba too. How well does this work if the MS users connecting to samba sign in to their PCs with MS accounts instead of local user accounts? Basically, does it work properly with email addresses for usernames? I don't use MS accounts personally and have never tried to connect to a samba share that way.

                                        Where I work now, we're moving to LANless at full speed, and SDP in the meantime and where LANless is more challenging.

                                        • Dashrender @Obsolesce

                                          @Obsolesce said in AzureAD and shares:

                                          @brandon220 said in AzureAD and shares:

                                          I know @Obsolesce uses samba too. How well does this work if the MS users connecting to samba sign in to their PCs with MS accounts instead of local user accounts? Basically, does it work properly with email addresses for usernames? I don't use MS accounts personally and have never tried to connect to a samba share that way.

                                          Where I work now, we're moving to LANless at full speed, and SDP in the meantime and where LANless is more challenging.

                                          SDP?
                                          What is your proposed or already decided solution for normal file storage? (Word, etc., type files)

                                          • Obsolesce @Dashrender

                                            @Dashrender said in AzureAD and shares:

                                            SDP?

                                            Software Defined Perimeter.
