[Samba] Samba Domain and OpenVPN

Adam Tauno Williams adamtaunowilliams at gmail.com
Tue Feb 26 12:30:34 GMT 2008

> our internal network.
> Now the other (Windows) clients - 7 units - and the employees at the 
> branch office shall be integrated in our existing Samba Domain.
> What is the best solution to accomplish this?
> Some additional inormation:
> - I think loading profiles from our server would not be a good idea,
> because the 
>   VPN tunnel would be to slow for this.

You can use folder redirection to keep various parts of the profile in
the profile, on a network server, or local.  You should run some tests,
based upon your connection, your ISP, your applications, etc... you
might find VPN performance to be pretty good.  Or redirect parts of the
profile to a local server.

> - I use password protected keys for the clients, so OpenVPN can't be
> started automatically as Windows service, because it requires that the
> user enters a password. Because of this, I think, it is not possible
> that the clients at the branch office can become members of our
> domain.

Why not keep your currently routed solution with one host holding open
the VPN connection and routing traffic?  Way simpler than everyone

> I thought about establish a second domain at the branch office and
> establish a 
> domain trust relationship. But I read that this feature in Samba is
> not very stable and insecure. 

I think it is stable.  Or run a local server as a BDC.

> Additionally I'm not sure if this procedure is worth the trouble for 
> only 7 clients.

Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org

More information about the samba mailing list