[Samba] Browsing on remote subnets, domain logons

Pihhan Pihhan at atlas.cz
Fri Dec 13 17:40:01 GMT 2002


Hello,

I have a few questions.
I have network like this:
(A)---------(MS)--------(SS)-------(B)
             |         |
            inet      (C)

Ms and SS are linux servers with samba. others are workstations with
WinMe.

Can I make all subnets and all computers to see all computers on all
subnets without using WINS?
So A should see SS, B and C. Because between MS and SS is very long
network (connection between two divided LANs) made of 10BASE2, it is
considered unreliable. Thus MS and SS should be always ready to answer
all authorization on its direct subnets, and be backup for others.
Thats because C is in the middle, and have connection to both MS and
SS. If one connection is broken, LANs will be divided but should be
operational itself.

That's why I dont want WINS, because if it
connection to MS fail, there will be long timeout to use secondary
WINS on SS. Is there way to sync both servers nethood for broadcast
and wins for all subnets, where servers MS and SS would broadcast only
local network and remote info gets from the other server?

I don't know how to make this. I want only one domain, where both MS
and SS will serve to direct subnets and get informations about unknown
users from second server. On MS is routing to internet, directed with
iptables and firewall. In preexec script of netlogon share it checks
if logging user has paid for internet and so if he is allowed to use
internet. That somewhat works, I wonder why sometimes...

All I need is allow all users from all subnets to access MS, and
netlogon share. I want synchronised browse list on all subnets, and if
users from B cannot login to MS, they must be able to login to SS.
Thats because I dont want change setting on machines if connection
between MS and SS fails. So they cannot reach MS or other remote
computers, but can operate well on their LAN with direct neighbours.

SS will not be under my direct control (I am not root there),
it will act partialy as BDC. It will not sync users list from
MS itself, they would need be added manualy. But all users on this
server, who wants internet, need also account on MS. So only local
users will have accounts only on local server, not on both.

I think there would be two domains for this, but does Samba support
some way of trusted domains? I am using individual sharing on WinME.
This gets better security to network, with less passwords to remember.
But there are in fact two PDCs, and only one is really PDC. I get list
of users on my PDC server, so I can assign on Windows shares for every user
different acces rights. But can I do this for users from different
domain? or from different server? That is really problem in two
separate domains, but two PDCs cannot be in one domain, right?
Have you any good ideas, how to solve this? Can I sync browse list for
different domains? Must I have workgroup same with domain on
workstations, or can I have one workgroup in two domains? That would
get browsing easier.

(sorry for my english)
(I sent this message already, but in Latin2 encoding, so you seen only
block of octets, i think.)

I hope you are smarter than me,
 Pihhan


More information about the samba mailing list