[Samba] Multi office samba domains

Robert Schetterer robert at schetterer.org
Tue Dec 26 13:28:05 GMT 2006

Asier Baranguán wrote:
> Hi all!
> I've a computer acting as a PDC in a network with Samba+OpenLDAP working
> fairly well in a Debian Sarge for several months (Samba servers, XP
> clients). It's working so well that my company wants to deploy this
> system to all the offices (five offices physically separated).
> Each office has its own peculiarities so each one has to have its own
> domain with shares and so on. But there are some users with special
> requirements:
> + Normal users only access to their local domain resources
> + Users from marketing and sales dpt. travel across all the offices and
> it would be great to allow these users to log in in all the offices with the
> _same_ user account and access to shares, printers, etc.
> + Some special users are willing must be allowed to access remotely -via
> VPN link- to other office shares
> + And "admin" users be able to access to all office shares
> Inter-office communication will be done with some VPN so in theory I can
> have one main LDAP server with all the users, groups, computers and
> domains and replicate them.
> In other words: share all the users and groups between offices but with
> several domains and access policies.
> Can this be done -almost partially-? perhaps with domain trust
> relationships?
> Thanks!
> -- 
> This message has been scanned for viruses and other dangerous content
> and is clean, provided the virus scanner is up to date.
Hi Asier,
this can be done, I did this with bdcs in the offices (ldap slaves samba)
and connected them with openvpn.
For traveling users I used pptpd.
But you have to think about a lot of things before you start this,
so: how is the connection quality of the lines the offices use, how to
implement wins browsing, and the general net architecture.
If you only want one domain, no trust is needed.
If you want to let the offices be independent, use different domains
and trust them to one another, but I would not recommend it.
You should set up internal dns with replication, maybe dhcp with relay.
Normally the homes/profiles of the office users are lying on their bdcs.
Make different policies for workstations and laptops, because of
profile caching etc.
Think about slow traffic vpns, sometimes it makes no sense
to push them printers etc.
The layout goes along with what you would do with nt windows servers,
see the examples in the samba books and faqs.
It's a lot of work at the start, but then it works very nicely.
I don't know how the time lines are for samba 4 (active dir emulation)
but it should be a little bit easier then, with those setups.
Best Regards

