[Samba] Converting a school district to Samba DCs

[Bill Greene]

I'm helping a small grade school district convert to Samba servers, more 
specifically, replace the existing NT domain controllers.

The district has 3 schools and about 1,700 students and staff members. 
There is one domain.  Currently there are four NT4 DCs, a PDC and 3 BDCs, 
one in each school.  The BDCs act as file servers.  There are also several 
Linux machines running Samba as file servers for specific 
applications.  Finally, there are about 450 client machines, with a mix of 
Windows 98, 2000, and XP.

Every student and staff member has a login and a home directory on their 
"local" BDC.  In the vast majority of cases users are logging in to the 
local server.  It would be rare, for example, that a student from school A 
would log in while physically at school B.  However, it does happen, and 
there are staff members who do that regularly, so it needs to be accomodated.

Most of what is required is fairly straight forward - there would still be 
a file server in each school, and probably a dedicated machine for the 
"PDC" function of holding the user database.  The trick is account 
management.  From what I've read so far in the Samba Guide, how-tos, and 
various news postings, there are 482 different ways of doing this (OK, I 
made up 482, but there are a lot).  Most of the existing docs assume you 
know what you want to do, and tell how to do it.  Unfortunately, I'm still 
at the first step.

So I'm looking for some general guidance on the overall organization.  For 
example:  Should I be using LDAP?  What about the MySQL backend? How does 
winbind fit into this?  Do I need to create all users on all servers, or 
just on the one holding their home directory?  What questions am I not 
asking that I should be asking?

If you have answers, great!  But just pointing at some links would be a big 
help, too.

Thanks!

-- bill