[Samba] Hints about large network!

Ilia Chipitsine ilia at paramon.ru
Sun Jul 24 11:29:34 GMT 2005


> Hi.
>
> In a few weeks I'm planning to set up a windows network over our departmental 
> net. I need some advice and suggestions about what you would do. We're in front 
> of a large network. I'm expecting to have 50++ computers logging in the

not that large :-)

a friend of mine is running 300+ computers with samba.
I run an 80+ computer samba domain.

> windows domain, many different users. Servers will be just unix (linux 
> mainly, and aix/bsd for experiments only)

there's a very important point, called "KISS" (keep it simple, stupid).
complicated things like linux/aix/bsd/w2k3/w2k/AFS/krb5 are known to be hard to 
maintain.

>
> The underlying structure is really simple. All clients (aix, bsd, linux, 
> macosx) are authenticating over our kerberos realm (linux kdcs). User 
> information is on ldap (home, shell, gid, uid, additional gids...), no 
> password since ldap uses kerberos via gssapi. File serving is provided by 
> AFS. All users have their home in /afs/cell.name/users/INITIAL/username, no 
> local users. It works perfectly.
>
> Now, I'd like to add windows clients. Since they cannot authenticate over MIT 
> using AFS and LDAP, I'm working with samba. Before starting from the wrong 
> assumptions, I'd appreciate some suggestions. This is my plan for windows.
>
>
> -Since we have a realm CELL.NAME, I'd use a workgroup: WIN.CELL.NAME
> -Netbios name for pdc should be the same as in the dns: SMB.CELL.NAME
> -We have NO ldap passwords: tdbsam.

if You have passwords in tdb, You can migrate to ldap by using pdbedit.

>
>
> I have some concerns. What I'd really like is probably not good.
>
> - Passwords. We're using kerberos... Any change to samba should be redirected 
> to kerberos. Anyone doing some tricks here?

it has been discussed many times, just search the list. samba3 goes well 
with Heimdal. which kerberos do You have?

>
> - Home directories. The logon home should be \\AFS\CELL.NAME\users\initial\%U 
> --- quite weird for windows. Moreover, this creates some directories in the 
> unix space (users and settings\user, with desktop & co).
>
> - Profiles. Is it a good idea to store profiles in each user's home?

yes. it is good.

>
>
> I'm confused, ms-network makes more difficulties than solving problems, but I 
> have to do that...
>
> Can you give me some impressions? Add that I'd like to add a BDC... Any 
> suggestion is really appreciated. I want to plan better before rather than 
> complaining after :)
>
> Thanks!
>
> -- 
> Sensei <senseiwa at tin.it>
>
> cd /pub
> more beer
>

