[Samba] multiple domains on samba as a PDC

Nicolás nicoguerrarocha at gmail.com
Wed Jun 25 06:28:47 MDT 2014


Hello,

My apologies for my English and for not being 100% formal in my words;
I'm a system engineering student (I'll make my best effort).

My name is Nicolás Guerra, I'm from Uruguay, and I work in ASSE
(Administration of State Health Services) http://www.asse.com.uy.
This enterprise serves half of the population of my country (1.5 million
clients, thousands of employees and thousands of PCs connected to the network).

Until now, PCs were only connected to the net, with local users such as
(username: user, passwd: user), sometimes using some Samba shares on
separate servers, with different usernames and passwords for employees on
each server. We are far away from what it should be, but we are working on
that.

One year ago I started working with a PDC, and joining Windows XP,
Windows 7, Windows 8, Ubuntu 10.4 (up to the newest one), and OpenSuSE
12.1 (up to the newest one) to the domain. I have a master OpenLDAP
server and a replicated OpenLDAP server. I must tell you that it works like
a charm.

I'm working with a replicated OpenLDAP and a storage server (Samba,
NFS server...) that allows Linux to work by mounting NFS and
authenticating with LDAP, while Windows speaks with Samba (all OK).

I am finishing configuring one building (one portion of the
enterprise), and my next goal is to configure other buildings (I'm not
configuring the building itself, but the PCs within it :-)).

The idea is to configure another storage server with another replicated
OpenLDAP for every building, so in every building of the enterprise we
need a pair of those (one Samba, storage, NFS server; and one replicated
OpenLDAP server).

Now my problem is: I was thinking of other PDCs, other domains, one
domain for each building. I was googling and I read this:

http://samba.2283325.n4.nabble.com/one-ldap-server-and-multiple-samba-PDC-domains-td2447669.html 


Andrew B. wrote:
"I strongly suggest running a single domain for a single organisation, 
backed by a single LDAP server (or replicated set of LDAP servers)."

I have no "clean idea" of what I need. Maybe you can suggest some
reading, or some ideas of where I should start in order to make the
correct decisions in order to grow with this. This has to be highly
scalable; in the end there will be thousands of computers and thousands of
employees, and I don't want to screw it all up.

Now I'm working with virtual machines, simulating different domains. I'm
having problems with permissions and domain sambaSIDs. I can't make
Windows join the second domain. I don't know if the LDAP entries
should be isolated between domain entries, like:

masterldap----|----|----|
                       A    B   C

and smbldap-populate all of 'A', 'B', 'C' from different domains, SIDs, etc., and
A is one building with storage, Samba, replicated OpenLDAP (only a replica
of A), B another building with storage, Samba, replicated OpenLDAP with
'B', the same with 'C' and so on.


I thank you; I hope you can help me to make the best decision.

Regards,
Nicolás.
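The permission and join problems the poster describes are what one gets when the SIDs in the LDAP tree are inconsistent, for example when smbldap-populate is run for a second subtree with the same domain SID as the first, or when an account lands under a subtree whose sambaDomain entry has a different SID than the account's own prefix. The following is an added example, not code from the original post, from Samba or from smbldap-tools: a small Python check over a constructed LDIF laid out like the tree sketched above (one base, subtrees A, B and C, one sambaDomain entry per subtree). It applies the rule Samba's LDAP backend relies on, that an account's sambaSID must be its domain's sambaSID followed by "-" and a RID, and flags duplicated domain SIDs, accounts whose SID does not belong to the domain of their own subtree, and account SIDs that collide across subtrees. The base DN dc=example,dc=uy, the domain names BUILDING-A/B/C, the SID values and the user entries are all constructed sample data; the LDIF parser only handles the plain `attr: value` form, and the two defects in the sample (subtree C populated with A's domain SID, and `dave` under B carrying an A-prefixed SID) are deliberate so the check has something to report.

```python
"""Consistency check for a multi-domain Samba LDAP tree (added example).

All data below is constructed: base DN, domain names, SIDs and users are
placeholders, not values from any real directory.
"""
from collections import defaultdict

BASE_DN = "dc=example,dc=uy"  # constructed base DN

# Constructed LDIF: one sambaDomain per subtree plus one or two accounts.
# Deliberate defects: BUILDING-C reuses BUILDING-A's domain SID, and
# uid=dave sits under ou=B but carries a SID from BUILDING-A's range.
SAMPLE_LDIF = """\
dn: sambaDomainName=BUILDING-A,ou=A,dc=example,dc=uy
objectClass: sambaDomain
sambaDomainName: BUILDING-A
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: uid=alice,ou=People,ou=A,dc=example,dc=uy
objectClass: sambaSamAccount
uid: alice
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-1000

dn: sambaDomainName=BUILDING-B,ou=B,dc=example,dc=uy
objectClass: sambaDomain
sambaDomainName: BUILDING-B
sambaSID: S-1-5-21-4444444444-5555555555-6666666666

dn: uid=bob,ou=People,ou=B,dc=example,dc=uy
objectClass: sambaSamAccount
uid: bob
sambaSID: S-1-5-21-4444444444-5555555555-6666666666-1000

dn: uid=dave,ou=People,ou=B,dc=example,dc=uy
objectClass: sambaSamAccount
uid: dave
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-1001

dn: sambaDomainName=BUILDING-C,ou=C,dc=example,dc=uy
objectClass: sambaDomain
sambaDomainName: BUILDING-C
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: uid=carol,ou=People,ou=C,dc=example,dc=uy
objectClass: sambaSamAccount
uid: carol
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-1000
"""


def parse_ldif(text):
    """Minimal LDIF parser: list of entries, each a dict attr -> [values].
    Handles only 'attr: value' lines separated by blank lines (no base64,
    no line continuations), which is enough for the constructed sample."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def subtree_of(dn, base_dn=BASE_DN):
    """Return the RDN directly below the base (e.g. 'ou=A'), or None."""
    suffix = "," + base_dn
    if not dn.endswith(suffix):
        return None
    return dn[: -len(suffix)].split(",")[-1]


def check_sids(entries, base_dn=BASE_DN):
    """Return a list of (kind, subject, detail) findings for the tree."""
    findings = []
    domain_sid = {}  # subtree -> (domain name, domain SID)
    for e in entries:
        if "sambaDomain" in e.get("objectClass", []):
            sub = subtree_of(e["dn"][0], base_dn)
            domain_sid[sub] = (e["sambaDomainName"][0], e["sambaSID"][0])

    # 1. Two sambaDomain entries must never share a SID.
    by_sid = defaultdict(list)
    for name, sid in domain_sid.values():
        by_sid[sid].append(name)
    for sid, names in by_sid.items():
        if len(names) > 1:
            findings.append(("duplicate-domain-sid", sid, sorted(names)))

    # 2. Each account's SID must be <own subtree's domain SID>-<RID>,
    # 3. and no two accounts anywhere in the tree may share a SID.
    sid_owner = {}
    for e in entries:
        if "sambaSamAccount" not in e.get("objectClass", []):
            continue
        dn, sid = e["dn"][0], e["sambaSID"][0]
        dom = domain_sid.get(subtree_of(dn, base_dn))
        if dom is None:
            findings.append(("no-domain-for-subtree", dn, subtree_of(dn, base_dn)))
        elif not sid.startswith(dom[1] + "-"):
            findings.append(("sid-outside-own-domain", dn, dom[0]))
        if sid in sid_owner:
            findings.append(("duplicate-account-sid", sid, sorted([sid_owner[sid], dn])))
        else:
            sid_owner[sid] = dn
    return findings


if __name__ == "__main__":
    for kind, subject, detail in check_sids(parse_ldif(SAMPLE_LDIF)):
        print(f"{kind}: {subject} -> {detail}")
```

Run against a real tree, the LDIF would come from an `ldapsearch` export of the base rather than the embedded sample; the useful outcome is an empty findings list before any PDC is pointed at the new subtree, since Samba will otherwise map the colliding SIDs to the wrong users and groups and the resulting ACL and join failures are hard to trace back to the directory.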

