Topic: one account for multiple users

[degauss]

Hi
is it OK to use one useraccount for multiple users. example 50 teachers all use account named "teacher" and 150 students use account "kids". All log in sme domain simultaneously (sme 7.2 server only domain controller) .no email function needed, only simpel domain controller.

Sorry my language

[pcdoc]

We have a couple of sites set up that way, also have 2 set up like that but use them as gateways with proxy filtering for users.

Have no problems as long as you dont want to use emails for that particular client. Nice, quick and easy way to set up a file server without having to enter heaps of users.

[degauss]

Interesting what is reasonable limit how many users can use same account simultaneously? Is ~120 users and 3 account usable? Like 40 teachers log in as "teacher", 40 users "kids" and 40 users "whatever". Of course without roaming profiles.

[pcdoc]

Have only had 30 users on one account as a max so far, have had no problems, server is 1.7 GHz 256 Mb RAM. IF your specs for the server are greater than that, I see no problems, but I don't know what the max for samba is, or if you can increase it.

Others will have to step in here regarding samba maximums

[CharlieBrady]

is it OK to use one useraccount for multiple users. example 50 teachers all use account named "teacher" and 150 students use account "kids".

IMO that's a very bad idea from a security point of view. You cannot properly control access, because passwords need to be shared (and cannot be easily changed), and you cannot identify the responsible party if anyone does something which is a problem.

[pcdoc]

yes Charlie, you have a point.

However, there are some cases where security amongst collegues is not an issue for general files on a general file server and, although they occur infrequently, they do exists.

As an admin, security is one of my foremost concerns regarding business' data, but we do have a couple of sites that are for non profit organisations where they just want to share files amongst the various members, and as such do not CARE about securing the files.

It is to these cases I refer.

I agree with you that for the majority of cases regarding business clients, I would recommend against this strategy, but that was not the question asked.

I was simply responding to the question, and not taking an overall view of the operation.

[purvis]

i run all my servers this way, in small offices. people can do damage in many ways, and i also believe as long as your are logged on to one
sme server, you cannot logon with a second crediential at the same time. yes you still need a few user accounts for more or less security, but one does just fine for most all small server situations.

 

[degauss]

when someone press ctrl-alt-del and change password ...nobody cant log in except for one. How to deal with that? Is it possible disable users password change on sme? Always same password. Or have to use workstation local policy?

[pcdoc]

We get around that issue by NOT setting the workstations up to log on to a domain, just leave them as a workgroup.

That way, when some idiot does change the password, its only on their local workstation, and not on the server.

Problem solved!! 

[CharlieBrady]

As an admin, security is one of my foremost concerns regarding business' data, but we do have a couple of sites that are for non profit organisations where they just want to share files amongst the various members, and as such do not CARE about securing the files.

I've done plenty of work with non-profits, so I'm familiar with the environment. I'd still never put one in with shared use accounts, because it makes support close to impossible. Troubleshooting is very difficult if the logs don't tell you who did what when.

[pcdoc]

Ok, to summarize...

Question was - Is it OK to do....

Answer - It is possible, and will work, but not recommended way because of security issues.

Does that seem OK from all perspectives ?

[degauss]

I get my answer  thanks!