[Samba] Samba with two workgroups (or domains)

[Arturo Limón]

Hello,

I have just installed a Samba PDC in a school that serves one domain named
"SCHOOL". The computer has 4 network interfaces, two of them are for two
ADSL connections, and the other to for a couple of subnets, one for
teachers, the other for students. With this arrangement, the Linux (K12lstsp
/ Centos 5.2) provides several services and allows sharing or ADSL
connections to both students and teachers.

Up to now, both subnets were completely independent (no phisical connection
between them), with their own workgroups, "SCHOOL" and "STUDENTS". SCHOOL
was just for teachers and school admon.

My idea was to include every computer in the Samba domain, and by means of
permisión and IP traffic control between subnets (iptables) controlling who
can access what.

For the moment, and as I have just installed the Samba box, the simplified
layout is:

Computers in
Computers in
SCHOOL domain ----subnet-----  Samba PDC for SCHOOL ----subnet----- STUDENTS
workgroup

Teachers have planted me a special request, that I do not want to say "no"
before checking posible solutions.

They want to be able to browser all the computers in both SCHOOL domain and
STUDENTS workgroup, BUT, they want students to be able to browse ONLY
computers in STUDENTS workgroup, and NOT in SCHOOL.

I have thought about adding a second Samba PDC controller for STUDENTS
(turning the workgroup into a domain) and using "remote announce" from it to
the SCHOOL PDC, but, will it allow to do it? And would there be a solution
with just the PDC installed now (I understand a single Samba PDC can control
a single domain, so I fear not)?

Any ideas will be greatly appreciated.

Thanks in advance.