[Samba] Samba multi-site advice request please

Daniel McFeeters domains at fiforms.org
Sun Jan 31 22:13:18 MST 2010


Julian Pilfold-Bagwell <jpb <at> bordengrammar.kent.sch.uk> writes:

> 
> Hi all,
> 
> I am looking at setting up a multi-site office and need to put a plan
> forward.  The site consists of one head office and several branch offices
> and my plan so far is this:
> 
> In head office, one Samba PDC.  Each branch office will have a local BDC
> that also stores files local to the branch, hopefully cutting down the
> day to day traffic across the VPN.  The VPN I plan to use is OpenVPN in
> bridge mode in order to allow broadcasts e.g. WINS etc., to traverse the
> connections.  All the servers will have their own LDAP server and all
> will be synced to keep the authentication consistent and reduce VPN
> traffic.  Each site will have its own DNS,  the PDC being the master
> and the BDCs slaves. The low number of machines involved means I can set
> the clients to use their local DNS.
> 
> The whole plot will be required to run across 2mb SDSL as this is all
> the budget will stretch to.  
> 
> Every other proposal has involved server 2008 and terminal services but
> I really want to go down the Linux/Samba route.
> 
> Is there anyone out there that has successfully pulled this off and can
> give me some advice?  I've spent a few hours searching Google but there
> doesn't seem to be any definite info/howtos.
> 
> thanks,
> 
> Julian PB
> 


I am in the process right now of deploying a very similar setup: multiple
business locations, connected with OpenVPN, with servers located at each site.
Each site, however, has a separate broadcast domain, and routing is handled by
Quagga (OSPF), with DHCP on each server, and Bind DNS for name resolution (no
need for WINS or broadcast resolution). We are right now working on deploying a
new domain in Samba 4 (Compiling from Alpha 11), with a replicated DC at each
site. Even though this software is still in alpha stage, it provides DRS
replication out of the box, it does LDAP for us, and provisioning and
replicating the directory is dead simple. You also have the benefit of Kerberos
SSO security, and all the benefits of a Win2008R2 functional level domain.

~Daniel


