[Samba] multiples domains or PDCs in samba

Nicolás nicoguerrarocha at gmail.com
Thu Jul 3 11:18:25 MDT 2014


On 01/07/14 11:39, Gaiseric Vandal wrote:
> So the questions are:
> 1. Are the people in the separate buildings in separate business 
> decisions?
It is a nationwide health organization. About 5000 computers, 28000 
employees, and every facility addresses equivalent issues. File sharing 
should be considered inside each facility, but the same LDAP is used for 
other application authentication.

> 2. Are the buildings connected by Ethernet or something fast enough 
> for file sharing or at least account replication
MPLS 4 Mbps connections... not fast enough

> 3. Do people in one building need access to resources in other buildings?
No.

> Are you using samba 3.x or 4.x? I have worked with Samba 3.x so 
> I am not as familiar with domain trusts in Samba 4.x
Samba 3.x so far.

> If you have one domain for 2 or more buildings (sites) with a good 
> connection you should still have a separate Samba server in each site 
> to function as a DC and file server. This way users will have fast 
> logins and fast access to the files in their site, and can still 
> access files in other sites if need be. And they still have 
> functionality even if your site link goes down. You MAY want to 
> configure a separate TCP/IP subnet and DHCP server for each site in 
> case your connection between sites goes down.
Ok.

> Having separate domains for each building will increase the overall 
> management you may have to do.  But having a single domain for many 
> sites increases the risk that multiple sites may have downtime at once.
The idea is to replicate "only" the required information to each facility.
This would give each deploy resilience in case of communication failures 
and in case of security compromise (stealth or takeover) of a server, 
only local credentials are exposed, not companywide.

