[Samba] Multiple domain and trust relationship

Marc Muehlfeld mmuehlfeld at samba.org
Wed Oct 14 20:51:59 UTC 2015


Hello Julien,

On 08.10.2015 at 18:20, Julien Deloubes wrote:
> I use Samba 4 AD (4.2.1) for a small company.
> I use a domain which is a subdomain of our internal DNS domain
> (directory.mydomain.io).
> Now my company will open several sites in different countries.
> I was wondering what the actual limitations of Samba4 are concerning
> multiple domains (I'm not a Windows guy and have very limited knowledge about
> AD).
> I read about trust relationship limitations (can be trusted but cannot
> trust), so does this mean that for the moment I'm stuck with one domain?
> 
> What are my options considering multiple sites? Could I continue to use only one
> domain (with RODC for example)?

Some parts of the AD trust support were introduced in 4.3, but it's not
completely done.


In most cases, using AD sites is the easier and less complex way than
different domains or subdomains.

https://wiki.samba.org/index.php/Active_Directory_Sites

Each site should have at least one DC, so you're on the safe side if
the connection is temporarily offline. But even if it is offline, each site
is able to work. You can e.g. create new objects (users, etc.), even if
the network is disconnected. When it's back, everything gets in sync again.

Only the DC(s) owning a FSMO role have some special functions. If
they can't be reached, some things are temporarily not possible to do, or
only on sites where the FSMO role owner is. Have a look at
https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_%28FSMO%29_roles
There you have a good overview of the roles, what their job is and
what happens if it's offline or not reachable.


Regards,
Marc


