[Samba] Architecture VPN and Samba with ADS 2003 help needed
guillaume.riviere at vslitc.com
Thu Oct 12 05:01:38 GMT 2006
Henrik Zagerholm wrote:
> 11 okt 2006 kl. 07:03 skrev Guillaume Riviere:
>> Dear all Samba list,
>> I'm currently facing some little problem with samba, I search for
>> advices on
>> our offices architecture. This is what we have:
>> - We got 2 offices with "unstable" ADSL connection (sometime more
>> that 5 connections shutdown a day)
>> - We use a VPN and our 2 offices are on the following internal subnets:
>> Office 1: 10.0.0.0/24
>> Office 2: 10.0.1.0/24
>> There is no firewall restrictions between the 2 offices with the VPN.
>> - The Office 1 got a ADS Server 2003 (ads_office1) and a Debian/
>> Sarge with Samba 3.0.23C file server (fs_office1), all is ok, working
>> very well
>> - The Office 2 got only a Debian/Sarge Samba 3.0.23c file server
>> (call it fs_office2) connected to the remote VPN ADS 2003. This server
>> is in a DOMAIN security mode (because I read that the ADS security
>> mode is currently not so stable)
> Where did you read that? :)
>> All my users (Windows XP SP2 only) must be in the same ADS network
>> (Exchange service, sharing of file, internet access control)
>> We face multiple problems is with the second office, each time we got
>> a disconnection, we have to re-join the domain, restart
>> samba and winbind, also this Office 2 cannot access to the file
>> server in a disconnected mode (some time no internet in this
>> office for a whole day)
>> So, I would like your advice on the following questions:
>> - Do we have to change the server fs_office2 to a Microsoft 2003
>> server, is this the best solution ?
>> - Do Samba can configure itself to use a cache system or a domain
>> duplication or a domain master in ADS 2003?
>> is there solution to make samba deliver locally the credential in
>> case of networks
>> disconnection ? is it stable to go on this solution ?
> Pure ADS member with AD replication is not available inte the SAMBA 3
> branch yet. SAMBA 4 is supposed to handle this but is currently only
> in TP4 pre alpha stage and should only be used in testing purposes.
>> If yes (I hope), how to do this, what is the est architecture, the
>> best samba configuration ?
> Unfortunately I think that the best solution is to have a W2003 at the
> second office also until SAMBA 4 is stable but hopefully some more
> experienced samba users have another idea. :)
>> Thanks in advance,
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/listinfo/samba
Dear Henrik, Dear All,
What about the new offline mode in winbind (in 3.0.23) ? can it solve
the problem ?
do I need to install pam and kerberos for this ?
More information about the samba