[Samba] Implementing Samba 4 in multi site environment

Denis Cardon denis.cardon at tranquil-it-systems.fr
Fri Nov 15 03:58:05 MST 2013

Hi Chandra,
> 1. About bandwidth, this is one of my considerations because it's still
> hard to get good internet bandwidth at a good price here in Indonesia,
> especially for our site offices; most of them only have up to about 1 Mbps
> bandwidth.
> Currently I monitor TCP traffic between my PDC and BDC of the current Samba 3
> installation; it only takes about 10 kbps for each server. I hope it is not so
> different with Samba 4.

If you have few changes on your AD, then bandwidth consumption is even 
lower than what you have measured now. I just ran an iftop on a remote 
samba4 (70 users altogether on the two sites) and had 77kB of transfer 
during the last 10 minutes... Moreover you can plan sync at specific 
times with the "Active Directory Sites and Services" management console.

And for the GPO sync, since there is no FRS on samba4 for now, you can 
control with an rsync when you use bandwidth and how much you use.

> 2. I will try RODC on a site office later on, after I finish the trial of a
> DC member on a site office.
> 3. If I'm using RODC, can user-clients on a site office change their
> password from their PC on the site office?

Yes, you can change your passwords. You should even be able to select 
which password hashes you sync to the remote branch in order to avoid 
having all your Kerberos hashes lying around small offices without much 
physical security around the server room.



> On Thu, Nov 14, 2013 at 7:55 PM, Denis Cardon <
> denis.cardon at tranquil-it-systems.fr> wrote:
>> Hi Chandra,
>>> I need some suggestions about implementing Samba 4 in a multisite environment.
>>> I'm still new to Samba 4; I have finished installing my first Samba 4 DC on my
>>> CentOS 6 machine without any problem.
>>> I plan to implement Samba 4 in a distributed / multisite environment. I
>>> have one headquarters office and around 20 site offices; in my headquarters
>>> office I have not more than 50 PC clients and in every site office I have
>>> no more than 10 PC clients to manage. Every site office is connected to the
>>> headquarters office by an OpenVPN connection in route mode, so every site
>>> office has
>>> different network. let say head quarters office network is
>>> site office network are
>>>  until
>>> My plan is to install a DC in the headquarters office and an
>>> additional DC in every site office that will replicate the directory only
>>> with the headquarters office DC.
>>> So my questions are:
>>> 1. Is my plan possible to implement?
>> I have similar samba setups with branch offices having a samba4 server with
>> replication running, and everything runs smoothly. I only have 3-4 sites max
>> on each setup though. I don't know how you will fare with 20 DCs, and I
>> guess in such a setup you might want to use RODC on branch offices.
>>> 2. How much bandwidth do I need at every site (headquarters office and
>>> each site office) to run my plan?
>> DC to DC replication bandwidth seems not to be a problem (I never had a
>> nagios alert due to it). However you may have to be careful if you want to
>> deploy large files through GPO.
>>> 3. Has anyone here ever implemented the same scheme as my plan? Please, I
>>> need some advice to implement it.
>> You probably will have to set up your Active Directory Sites and Services
>> properly so each site authenticates on the right DC to avoid unnecessary
>> inter-site traffic, and be careful with your NTP time.
>> Cheers,
>> Denis
>> --
>> Denis Cardon
>> Tranquil IT Systems
>> Les Espaces Jules Verne, bâtiment A
>> 12 avenue Jules Verne
>> 44230 Saint Sébastien sur Loire
>> tel : +33 (0)
>> http://www.tranquil-it-systems.fr

Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0)
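
The rsync-based GPO (SYSVOL) sync mentioned above, sketched as an added example that is not part of Denis's mail or of Samba itself: a branch DC pulls SYSVOL from the head-office DC only inside a night window and under a bandwidth cap. The host name, SYSVOL path, window and cap are assumed values; `-XA` carries over the ACLs and extended attributes in which Samba keeps NT ACLs.

```shell
#!/bin/sh
# Added example: scheduled, bandwidth-capped SYSVOL pull for a branch DC.
# All values below are assumptions for illustration, not from the thread.
HQ_DC="${HQ_DC:-dc1.example.com}"            # hypothetical head-office DC
SYSVOL="${SYSVOL:-/var/lib/samba/sysvol/}"   # path differs per distro/build
WINDOW_START="${WINDOW_START:-22}"           # sync allowed from 22:00 ...
WINDOW_END="${WINDOW_END:-5}"                # ... until 05:00 (exclusive)
BWLIMIT_KBPS="${BWLIMIT_KBPS:-64}"           # rsync --bwlimit unit: KiB/s

# in_window HOUR START END: succeed if HOUR lies in [START, END).
# Handles windows that wrap past midnight (22 -> 5) and "08"-style hours.
in_window() {
    h=${1#0}; h=${h:-0}
    if [ "$2" -le "$3" ]; then
        [ "$h" -ge "$2" ] && [ "$h" -lt "$3" ]
    else
        [ "$h" -ge "$2" ] || [ "$h" -lt "$3" ]
    fi
}

# sync_sysvol [HOUR]: one-way pull from the DC where GPOs are edited.
# DRY_RUN defaults to 1 and only prints the command; set DRY_RUN=0 in cron.
sync_sysvol() {
    hour=${1:-$(date +%H)}
    if ! in_window "$hour" "$WINDOW_START" "$WINDOW_END"; then
        echo "skip: hour $hour is outside the sync window"
        return 0
    fi
    # -a archive, -X xattrs, -A ACLs; --delete-after removes stale GPO
    # files only once the transfer has finished; rsync runs over ssh.
    set -- rsync -XAavz --delete-after "--bwlimit=$BWLIMIT_KBPS" \
        "$HQ_DC:$SYSVOL" "$SYSVOL"
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "would run: $*"
        return 0
    fi
    # Verify afterwards that the on-disk ACLs still match what AD expects.
    "$@" && samba-tool ntacl sysvolcheck
}

# Cron entry point, e.g. hourly:  DRY_RUN=0 /usr/local/sbin/sysvol-pull.sh run
case "${1:-}" in
    run) sync_sysvol ;;
esac
```

Run it as root on the branch DC with an SSH key restricted to this job, and edit GPOs on the head-office DC only, since the pull overwrites local changes.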
