[Samba] LDAP/Samba Groups question

G. Armour Van Horn vanhorn at whidbey.com
Sat Apr 19 19:31:35 GMT 2003

I'm starting to build a set of servers to replace a WinNT 4 setup, and I'm having a conceptual problem with groups and the workgroup vs domain question.

The sample smb.conf files I have seen have all seemed to use either a domain or a workgroup, but not both. I want five servers in five different locations to each serve as the domain
controller (logon server) in that office but handle shares for different workgroups.

In two of the locations, the attached systems are all part of a single workgroup, and the workgroup is limited to that location. But in three locations there are multiple workgroups, and
some of the workgroups have users in more than one location. In all five locations, the current NT4 server acts as a PDC with the domain matching the name of the office.

In Bayview, for example, the server bayview_server acts as PDC for the BAYSIDE domain, which is synonymous with the BAYSIDE workgroup. However, in the downtown office the downtown_server
acts as PDC for the DOWNTOWN domain and handles shares for workstations in the DOWNTOWN, MARKETING, and PROP workgroups. Further, there are also members of the PROP workgroup in the HARBOR

I'm trying to create a single structure that will serve the entire organization, using LDAP replication to keep the users and groups straight, which has it's own challenges, but the big
mental block here is the domains and workgroups. I need to have a PDC in each office, but I can't have multiple PDCs in one domain and Samba doesn't run as a BDC. And some of the PDCs need
to serve multiple workgroups, and all of the examples I've seen have a single workgroup defined in the [global] section of their smb.conf files.

How should I handle this?


