[Samba] Basic questions regarding Samba capabilities

Jason Voorhees jvoorhees1 at gmail.com
Fri May 25 08:49:12 MDT 2012


On Mon, May 21, 2012 at 8:01 AM, Daniel Müller <mueller at tropenklinik.de> wrote:
> IN a such great environment like yours I would suggest having several PDCs
> in replication mode.

Is this possible to implement with Samba 3.x?

> -----------------------------------------------
> EDV Daniel Müller
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
> -----------------------------------------------
> -----Ursprüngliche Nachricht-----
> Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
> Auftrag von Aaron E.
> Gesendet: Montag, 21. Mai 2012 14:51
> An: samba at lists.samba.org
> Betreff: Re: [Samba] Basic questions regarding Samba capabilities
> First, I'm not sure if your speaking of samba4 or just upgrading your s3
> domain structure .. my comments are based on samba4 hope it helps ..
> Policies: -- Group policy works with S4.. So whatever group policies you can
> set in windows DC you can set on the S4 dcs..
> Scalability -- 1PDC and several BDCs would be your answer. Essentially your
> going to create the same infrastructure as you would with the windows family
> of servers. unstead of multiple pdc's you'd use bdc's at in different
> vlans.. or RODC's but I am not sure where the RODC's are in terms of
> completeness.
> Backend -- OPENLDAP isn't supported as a back-end.. I believe that your only
> option is to use the built-in samba4 back-end at this point..
> Compatability -- there are no special steps in joining windows 7 or 2008
> servers to the S4 domain..
> There is an upgrade script that should pull your users and computers to the
> new domain, obviously this would require extensive testing in your
> environment.
> On 05/20/2012 11:32 AM, Jason Voorhees wrote:
>> Hi people:
>> I've been using Samba for a long time with some "basic" features like
>> Samba working as a PDC, integrated with OpenLDAP, being a print
>> server, among others, for a small number of "almost controlled" users
>> (no more than 30 or 50 users).
>> But now I'm interested to implement a Windows domain using Samba for a
>> University with 6000-8000 users distributed through several VLANs,
>> subnets, offices in a medium/big campus. I'd like to avoid using a
>> propietary solution like Windows 2008 with ADS so I'd like to know
>> some suggestions like these:
>> Policies:
>> =======
>> - How well can Samba manage policies for workstations?
>> - Is it easy or safe to apply and/or remove policies from workstations?
>> - What kind of things can I allow or deny from succeding in
>> workstations using policies? For example: could I avoid users from
>> changing the IP address of the workstation? Could I set a fixed
>> wallpaper or internet explorer proxy settings to workstations?
>> Scalability
>> ========
>> In a big scenario like the previous i mentioned:
>> - How many BDCs would be needed? Is it enough to have 1 PDC and severals
> BDCs?
>> - Is it possible to have multiple PDCs of the same domain each one
>> being in a different VLAN? or, what's the right approach in terms of
>> structure-architecture to implement PDCs and BDCs?
>> Backend
>> =======
>> Definitely I plan to use OpenLDAP as backend but, similar to the
>> previous question about BDCs: how many Master/Slave OpenLDAP servers
>> do you think it would be necessary? It could be 1 BDC+OpenLDAP (slave
>> or master) for each office or VLAN?
>> Compatibility:
>> ===========
>> - I know that are some procedures to join Windows 7 to Samba domain, I
>> did this before successfully. Do you know -maybe- of another possible
>> compatibility problem that you suggest I can be prepared for?
>> - If after some time (weeks, months or years) I plan to replace this
>> Samba based domain to Windows 2k ADS domain: is it possible to do this
>> migration without problem? it isn't necessary to reinstall all the
>> domain and rejoin all the workstation?
>> Technically I can investigate how to implement each of these features
>> (policies, BDCs, openldap, etc...) but before taking a decision like
>> this i would like to have some suggestions of people that have done
>> similar implementations before. This help it would be excellent for
>> me, I hope some one can help.
>> Thanks
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list