[Samba] VPN+2.2.3a+LDAP

Philip Burrow phil.burrow at blueyonder.co.uk
Tue Apr 30 17:42:02 GMT 2002

> > 3. Have a Samba PDC at each site controlling a domain of its own, but
> > using the same LDAP server.
> still the same problem
> I think you should modify idea 3 by setting up replicated LDAP on the
> PDC (or another machine) at each site.  That way everybody can log in
> even if the lan is down (though the distributed ldap dbs might diverge
> if your wan is down for a long time).

Thanks for your thoughts Bradley. I have another bunch of questions which
you may be able to enlighten me on :)

Am I right in thinking that if I carried out idea 3, with each site having
its own unique domain, that the user homes and profiles directories should
be specified with an absolute path in the LDAP server?

For example, if Joe was logging on to DOMAIN1, should the LDAP directory
explicitly say \\DOMAIN1\JOE as his home directory (smbHome), and
\\DOMAIN1\JOE\profile for his profile (profilePath)? I would like to have it
so that any user could log on at any site and still keep one unique home dir
on the Samba server at the site he uses most - so that if in one particular
week Joe was at 6 different sites he wouldn't have a profile and home
directory at each site - he would just use the one at his main site, DOMAIN1
(I realise this would mean transmitting large amounts of data across a
relatively slow WAN).

Is it possible for a replicated LDAP database to be used with Samba in this
way which allows anyone to log on anywhere to any domain in a large network,
yet still keep a unique 'home'?



