[Samba] network design - taking advantage of samba+openldap

Nathan Vidican nvidican at wmptl.com
Thu Nov 10 18:31:13 GMT 2005

For the number of clients you have, and if the network is restricted to one 
segment, why three different domains? Why not consolidate domains into a single 
domain, with multiple BDCs? Also, NAS now forces your end-users to rely on the 
security and performance of whatever NAS solution you go with. My advice to you 
would be this:

Build a new PDC, install/configure as a single domain using OpenLDAP tree. 
Import all your existing users and their information into this tree.

Build _X_ number of BDCs to be used for various NAS; these machines can slave 
the LDAP tree locally, cascading updates to the primary and servicing queries 
directly. Since all permissions/users are now global across all servers using a 
single domain, distribute your storage requirements across the various BDCs 
using some sort of internal RAID solution.

For the price - highly recommend looking at a 3Ware Escalade 9000-series 
controller, can whack on a few RAID edition 250GB drives via S-ATA and get a 
couple of terabytes with good I/O speed/performance relatively cheap. With the 
9000-series you can get a solid 400MB/sec data rate, 800Mb/sec using newer S-ATA 
II based controllers for less than $500.

IMHO - this would be easier to manage, implement, and pay for than what you're 
currently running/proposing.

Nathan Vidican
nvidican at wmptl.com
Windsor Match Plate & Tool Ltd.

Pablo Chamorro C. wrote:
> In the headquarters of my Institution we have some 300 windows PCs, 
> distributed like this:
> domain1: 100 clients in a consolidated samba 3.0.5-2 domain (RH 9.0)
> domain2: 20 clients in an incipient samba 3.0.14a-2 domain (FC4)
>          80 clients to be joined to domain2
> without domain: 150 clients belonging to some three workgroups
> We outsourced the deployment of a LDAP server and we are in the process 
> of putting the server into production, but the contract only included the 
> migration of domain1 to authenticate against openldap.  And here my big 
> question:
> we want to consolidate domain2 and to create three extra PDCs for the 
> rest of the windows PCs.  Is it advisable to have 5 PDCs? or only 1 PDC 
> and one BDC for building? (like shown in 
> http://samba.org/samba/docs/man/Samba3-ByExample/images/chap6-net.png). 
> Can openldap include several SIDs?
> Could you please give us some advice for our successful deployment of 
> our Windows-Samba network? We don't have our LAN segmented.  Also, we 
> are in the process of buying a cheap NAS solution for all the users.
> thanks,
> Pablo Chamorro C.
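
A sketch of the single-domain layout suggested in this reply, as an added example that is not part of the original thread: Samba 3 `smb.conf` settings for the one PDC beside those for one BDC, both using the `ldapsam` backend. The domain name, hostnames, LDAP suffix and admin DN are placeholders, and the BDC is assumed to run its own read-only OpenLDAP replica.

```ini
# Added example; all names below are placeholders, not values from the thread.

# ---- smb.conf on the single PDC ----
[global]
    workgroup = EXAMPLEDOM
    netbios name = PDC1
    security = user
    domain logons = yes
    # Exactly one machine in the domain is the domain master.
    domain master = yes
    preferred master = yes
    os level = 65
    # Accounts live in the master OpenLDAP tree.
    passdb backend = ldapsam:ldap://ldap-master.example.internal
    ldap suffix = dc=example,dc=internal
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap admin dn = cn=sambaadmin,dc=example,dc=internal
    # Password hashes cross the wire; require StartTLS to the directory.
    ldap ssl = start tls
    ldap passwd sync = yes

# ---- smb.conf on each BDC (separate file, separate host) ----
[global]
    workgroup = EXAMPLEDOM
    netbios name = BDC1
    security = user
    # A BDC answers logons but never claims the domain master role.
    domain logons = yes
    domain master = no
    os level = 33
    # Query the BDC's own replica first, fall back to the master.
    passdb backend = ldapsam:"ldap://bdc1.example.internal ldap://ldap-master.example.internal"
    ldap suffix = dc=example,dc=internal
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap admin dn = cn=sambaadmin,dc=example,dc=internal
    ldap ssl = start tls

# On every controller, store the bind password for "ldap admin dn" in
# secrets.tdb with: smbpasswd -w <password>
# On each BDC, copy the domain SID from the PDC with: net rpc getsid
```

Because every controller shares one domain SID and one directory, users and group permissions are the same on whichever server holds the storage.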
