[Samba] Suggestions? Multiple servers/storages one domain

Gaiseric Vandal gaiseric.vandal at gmail.com
Fri Jul 6 07:48:04 MDT 2012

File storage and user authentication are (sort of) separate issues.    I
would generally avoid true standalone servers, and still use the domain
authentication model as much as possible. 

The additional servers can be member servers or backup domain
controllers.   I had trouble keeping user id mappings consistent on
member servers  (in my environment it is necessary that the id mapping
is consistent between all domain controllers and key member servers.)   
I found it was easier just to make sure that my key storage servers were
also domain controllers.      This is only two machines .   Each domain
controller is also an LDAP server.  The LDAP servers are configured for
replication.  Each domain controller therefore uses its own LDAP server
for the samba back end.  (Nt. I started with samba 3.0.x -  newer
releases may have simplified idmapping for member servers.)

When you configure a samba user, you can specify the absolute path to
their profile directory and home directory.  

#pdbedit -Lv thisuser
Home Directory:       \\server1\users\thisuser
HomeDir Drive:        X:
Logon Script:         logon.bat
Profile Path:     

#pdbedit -Lv thatuser
Home Directory:       \\server2\users\thatuser
HomeDir Drive:        X:
Logon Script:         logon.bat
Profile Path:     

I  then use the login script to map the users home directory drive
letter to the appropriate home share. 


net use x: /delete /y
net use x: %homeshare%

I believe windows batch files should also have the option to do
something similar to  "if member of group then ...."   if you want to
have different drive mappings for different groups. 

I don't use profiles in my network.  You need to make sure that each DC
has the same logon script files.

I also have a drive letter mapped to a top level Projects directory on
one server.  But then I use dfs links to redirect users to sub
directories located on the 2nd servers. 

server1# cd /export/Projects
server1# ls -ld *
drwxrwx---+ 37 root      group1       42 May 18 09:00  Project1
lrwxrwxrwx   1 root     root          19 Feb 11  2011 Project2 ->

On 07/06/12 07:55, Götz Reinicke wrote:
> Hi,
> currently we do have one samba3x-3.5.10-0.109.el5_8 RH EL 5.8 PDC
> authenticating by our central LDAP server.
> This PDS also hosts the central fileserver storage for all our +- 600
> users, some group shares and roaming profiles.
> The clients are OS X, Win XP and Win 7. We hope to have all XP 'killed'
> by end of the year.
> Furthermore we do have a second stand alone samba server for some
> projects needing more space and with local smb users.
> As we think about splitting up the central PDC storage and setting up an
> other filestorage too, I was researching for the 'best' setup.
> I wanted to separate the two main user groups to use one server each, so
> the stuff members do get some more performance.
> But on the other hand I like to use our current setup as much as possible.
> So I hoped that there is some tutorial (there are so many ... :)
> luckily! ) which describes a setup like we are looking for.
> - We will still have one central LDAP and one domain to login.
> - If users belong to stuff, they have access to the profile and user
> files shared by the server 1
> - If users belong to students, they have access to the profile and user
> files shared by the server 2
> - Furthermore we do have a third/++ BIG FILES server whose shares can be
> accessed by users in an user group but authenticate as well by the PDC.
> May be someone can point me to some tutorials or can give other advises
> and suggestions?
> I cant buy new e.g. 10G server/storage hardware, but can use some 'old'
> some-core-lots-of-RAM-1G systems
> 	Thanks a lot and best regards . Götz

More information about the samba mailing list