Samba domain or AzureAD (Entra ID)?

[derekzeanah]

So, I've got a bunch of workstations that are sharing files on Qnap shares. All Windows accounts are local accounts, and these match an account created on the Qnap device to determine share access.

I'd like to move to some kind of centralized user management system, and the best options seem to be:

• Create a Samba domain, add users and computers to it, and manage this all from the Qnap. Will also need a second Qnap as a BDC
• Use Entra ID as everyone already has an email through Microsoft 365, and it looks like I can configure the Qnap to sync permissions from Entra

Has anyone had significant success or headaches doing one vs the other? Going the Entra route means syncing some other services from other providers will be easier, logins for new users will be created as part of the email creation process, and 2FA will be easy to turn if/when needed. But I know Microsoft is going to charge for essential items later on, and some part of me just loathes depending on a cloud service for something so critical.

But I haven't used Samba to create a PDC/BDC on Qnap before, and I don't see much documentation on the Internet which suggests not many are doing it, so that might be a dead-end long term. That said, group policies, folder redirection, and all those old-school features would be useful in this environment.

I'd love guidance of those who've made this decision before.