
Crazy Idea? - Server 2012 handling SMB Shares for unRAID (Better AD integration)


smdion


Hey All,

 

I'm not a huge fan of how unRAID handles AD. I also have LDAP integration everywhere and would love to get it on my SMB shares.

 

Problems:

 

1. Slow WebGUI after bind

2. Need AD server to not be hosted on unRAID KVM

3. I understand this is not a high priority issue for LT at this point.

 

I came up with a crazy idea during shower time this AM and am looking for people to poke holes in it.

 

Solution:

 

1. Windows Server 2012 R2 Server running on KVM

2. unRAID still in workgroup mode

2. All unRAID shares set to SMB Yes (Hidden) and Private only to super secret "services" account

3. Mount shares as folders inside Server 2012 with super secret services account (mklink /d "c:\unRAID\Test" "\\10.10.10.12\Test")

---since a mount on Windows Server thru KVM is a passthru, I shouldn't lose any speed.

4. Set SMB (share) permissions for AD inside Server 2012 (like this https://www.linuxserver.io/index.php/2015/07/20/how-to-active-directory-on-unraid-6/)

4a. Maybe even change ownership to the "super secret services" account on all files

5. Windows Server to auto boot

6. Set both with DHCP reservations so it will work inside and outside of network.  (sometimes I use it as a LAN Party Server)

 

Note: This would not touch system/appdata/boot

 

 

Are there any glaring issues I'm missing?  I did all of this with a test share and it seemed to work fine.

 

Worst case is I run the repairperms if it all goes to heck in a handbasket.

 

If I could pass thru the array without SMB/AFP/NFS I think I'd be golden.


Seems LT and group did the permission homework properly ;)  Failure of this is I can't change file permissions because my domain accounts do not have access.

 

Best way around this is to have hidden shares open to everyone, not something I want to do.  I'm surprised unRAID knew what account I was connecting with thru the Server, even though the server was connected with an account that has access.

 

 



This topic is now archived and is closed to further replies.
