[Samba] LDAP/SAMBA wide area network advice sought

Tarjei Huse tarjei at nu.no
Tue May 21 03:38:02 GMT 2002


Hi,

1. Place an LDAP slave server in each location and use replication to a
PDC in each location. Thus, each user can log on everywhere without you
having to think of trust relationships.

2. Remember to use SSL/TLS in every connection.

3. Take a look at SASLv2 combined with OpenLDAP 2.1. Since you want
something that will be used for a few years, this is the future.

4. Take a look at how you will integrate things with your mail system
etc. Take your time planning the LDAP server as you will want to use it
for everything ;)

Good luck.
Tarjei

"G. Armour Van Horn" wrote:
> 
> I have a network made up of six small LANs, spread out over a span of
> about 50 miles. Each LAN is a private Class C network with address
> 192.168.x.0/24, where "x" is 0, 4, 13, 49, 60, and 77. The six networks
> are connected with IPsec tunnels through SmoothWall firewalls, with
> every network connected at least back to 192.168.0.0. There is a Windows
> NT 4/SP6 PDC in each location.
> 
> As the networks have grown I find that we are currently serving more
> users than we are licensed for, and I'd rather move to an Open Source
> solution rather than pay Microsoft a bunch of money.
> 
> I've read a lot of messages on this list over the last few months, and
> I've read the Samba/LDAP How-to at idealx.org. (I read the whole thing
> late last year, and just now downloaded the update from last week.)
> 
> I want to use LDAP as the authentication with the master LDAP server
> being in the home network (192.168.0.0) so that I don't have to drive
> from one end of the island to the other just to add a user. Whatever I
> do now, I'm going to want it to last with minimal changes for at least a
> couple of years. I would like to start with the home server, then roll
> it out to one office at a time over the next few weeks.
> 
> The clients in the offices are mostly Windows 98 with a smattering of
> 95, 2000 Pro, and XP Home. All users use their common names as their
> user names ("John Smith" rather than jsmith).
> 
> Any advice on things to watch for, versions to prefer or avoid, or any
> other hints in starting this would be welcome.
> 
> Van Van Horn
> Whidbey Island, Washington
> (Yes, I'm in Microsoft country)
> 
> --
> ----------------------------------------------------------
> Sign up now for Quotes of the Day, a handful of quotations
> on a theme delivered every morning.
> Enlightenment! Daily, for free!
> mailto:twisted at whidbey.com?subject=Subscribe_QOTD
> 
> For web hosting and maintenance,
> visit Van's home page: http://www.domainvanhorn.com/van/
> ----------------------------------------------------------

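An added example, not part of the original thread or of Samba itself: a small audit of points 1 and 2 above, checking that each site's Samba server binds to an LDAP replica on its own LAN and encrypts the connection. It assumes the Samba 2.2 `ldap server` and `ldap ssl` smb.conf parameters; the host addresses and config contents are constructed samples.

```python
import ipaddress

# "ldap ssl" values that encrypt the bind (assumed Samba 2.2 semantics:
# on = ldaps, start_tls = StartTLS; off sends credentials in cleartext).
ENCRYPTED = {"on", "start_tls"}

def global_params(text):
    """Parse the [global] section of smb.conf text into a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Parameter names ignore case and embedded whitespace.
            params["".join(key.lower().split())] = value.strip()
    return params

def audit(site_cidr, smb_conf):
    """Return a list of findings for one site's Samba server."""
    net, p, findings = ipaddress.ip_network(site_cidr), global_params(smb_conf), []
    server = p.get("ldapserver")
    try:
        if server is None:
            findings.append("ldap server not set")
        elif ipaddress.ip_address(server) not in net:
            findings.append(f"ldap server {server} is not the local replica")
    except ValueError:
        findings.append(f"ldap server {server!r} is a name; confirm it is local")
    ssl = p.get("ldapssl")
    if ssl is None:
        findings.append("ldap ssl not set explicitly")
    elif ssl.lower() not in ENCRYPTED:
        findings.append(f"ldap ssl = {ssl}: LDAP traffic is unencrypted")
    return findings

# Constructed sample configs for three of the six sites in the original post.
SAMPLES = {
    "192.168.0.0/24": "[global]\n  ldap server = 192.168.0.10\n  ldap ssl = start_tls\n",
    "192.168.4.0/24": "[global]\n  ldap server = 192.168.0.10\n  LDAP SSL = off\n",
    "192.168.13.0/24": "[global]\n  ; ldap ssl = on\n  ldap server = ldap13\n",
}

if __name__ == "__main__":
    for cidr, conf in SAMPLES.items():
        print(cidr, audit(cidr, conf) or "ok")
```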