[Samba] Hints about large network!

[Sensei]

Hi.

In few weeks I'm planning to set up a windows network over our  
departmental net. I need some advices, suggestions about what you  
would do. We're in front of a large network. I'm expecting having 50+ 
+ computers logging in the windows domain, many different users.  
Servers will be just unix (linux mainly, and aix/bsd for experiments  
only)

The underlying structure is really simple. All clients (aix, bsd,  
linux, macosx) are authenticating over our kerberos realm (linux  
kdcs). User informations are on ldap (home, shell, gid, uid,  
additional gids...), no password since ldap uses kerberos via gssapi.  
File serving is provided by AFS. All users have their home in /afs/ 
cell.name/users/INITIAL/username, no local users. It works perfectly.

Now, I'd like to add windows clients. Since they cannot authenticate  
over MIT using AFS and LDAP, I'm working with samba. Before starting  
from the wrong assumptions, I'd appreciate some suggestions. This is  
my plan for windows.


-Since we have a realm CELL.NAME, I'd use a workgroup: WIN.CELL.NAME
-Netbios name for pdc should be the same as in the dns: SMB.CELL.NAME
-We have NO ldap passwords: tbsam.


I have some concerns. What I'd really like is probably not good.

- Passwords. We're using kerberos... Any change to samba should be  
redirected to kerberos. Anyone doing some tricks here?

- Home directories. The logon home should be \\AFS\CELL.NAME\users 
\initial\%U --- quite weird for windows. Moreover, this creates some  
directories in the unix space (users and settings\user, with desktop  
& co).

- Profiles. Is it a good idea to store profiles in each user's home?


I'm confused, ms-network makes more difficulties than solving  
problems, but I have to do that...

Can you give me some impressions? Add that I'd like to add a BDC...  
Any suggestion is really appreciated. I want to plan better before  
rather than complainig after :)

Thanks!

-- 
Sensei <senseiwa at tin.it>

cd /pub
more beer