[Samba] VPN+2.2.3a+LDAP

[Bradley W. Langhorst]

Sorry I missed your response until now...
> Thanks for your thoughts Bradley. I have another bunch of questions which
> you may be able to enlighten me on :)
> 
> Am I right in thinking that if I carried out idea 3, with each site having
> its own unique domain, that the user homes and profiles directories should
> be specified with an absolute path in the LDAP server?
 
> For example, if Joe was logging on to DOMAIN1, should the LDAP directory
> explicitly say \\DOMAIN1\JOE as his home directory (smbHome), and
> \\DOMAIN1\JOE\profile for his profile (profilePath)? I would like to have it
> so that any user could log on at any site and still keep one unique home dir
> on the Samba server at the site he uses most - so that if in one particular
> week Joe was at 6 different sites he wouldnt have a profile and home
> directory at each site - he would just use the one at his main site, DOMAIN1
> (I realise this would mean transmitting large amounts of data across a
> relatively slow WAN).
that seems reasonable - however i think you mean \\PROFILESERVER1\JOE
rather than \\DOMAIN1\JOE
That implies that all these domain controllers can access each other's
namespaces (i'm not sure you can do that)
you might have to put \\fqdn_of_profile_server\profiles\%u into the ldap
rather than the wins name of the server (fqdn = fully qualified domain
name)

> Is it possible for a replicated LDAP database to be used with Samba in this
> way which allows anyone to log on anywhere to any domain in a large network,
> yet still keep a unique 'home' ?
i've not done it myself - but it should be possible to point each domain
controller at an ldap server on localhost and keep all those in sync
using the ldap tools.

the replication stuff should be transparent to samba

brad