[Samba] Architecture VPN and Samba with ADS 2003 help needed

Guillaume Riviere guillaume.riviere at vslitc.com
Wed Oct 11 05:03:42 GMT 2006

Dear all Samba list,

I'm currently facing some little problem with samba, I search for 
advices on
our offices architecture. This is what we have:

- We got 2 offices with "unstable" ADSL connection (sometime more that 5 
connections shutdown a day)
- We use a  VPN and our 2 offices are on the following internal subnets:
    Office 1:
    Office 2:
There is no firewall restrictions between the 2 offices with the VPN.

- The Office 1 got a ADS Server 2003 (ads_office1) and a Debian/Sarge 
with Samba 3.0.23C file server (fs_office1), all is ok, working very well
- The Office 2 got only a Debian/Sarge Samba 3.0.23c file server (call 
it fs_office2) connected to the remote VPN ADS 2003. This server
is in a DOMAIN security mode (because I read that the ADS security mode 
is currently not so stable)

All my users (Windows XP SP2 only)  must be in the same ADS network 
(Exchange service, sharing of file, internet access control)
We face multiple problems is with the second office, each time we got a 
disconnection, we have to re-join the domain, restart
samba and winbind, also this Office 2 cannot access to the file server  
in a disconnected mode (some time no internet in this
office for a whole day)

So, I would like your advice on the following questions:

- Do we have to change the server fs_office2  to a Microsoft 2003 
server, is this the best solution ?
- Do Samba can configure itself to use a cache system or a domain 
duplication or a domain master in ADS 2003?
 is there solution to make samba deliver locally the credential  in case 
of networks
disconnection ?  is it stable to go on this solution ?

If yes (I hope), how to do this, what is the est architecture, the best 
samba configuration ?

Thanks in advance,

More information about the samba mailing list