[Samba] multiple domains on samba as a PDC
Nicolás
nicoguerrarocha at gmail.com
Wed Jun 25 06:28:47 MDT 2014
Hello,
My apologies for my English and for not being 100% formal in my words;
I'm a system engineering student (I'll make my best effort).
My name is Nicolás Guerra, I'm from Uruguay, and I work at ASSE
(administration of state health services) http://www.asse.com.uy
This enterprise serves half of the population of my country (1.5 million
clients, thousands of employees and thousands of PCs connected to the network).
Until now, PCs were only connected to the net, with local users such as
(username: user, passwd: user), sometimes using some samba shares on
separate servers with different usernames and passwords for employees on
each server. We are far away from what it should be, but we are working on
that.
One year ago I started working with a PDC, joining Windows XP,
Windows 7, Windows 8, Ubuntu 10.4 (until the newest one), and OpenSuSE
12.1 (until the newest one) to the domain. I have a master openLDAP
server and a replicated openLDAP server. I must say that it works like
a charm.
I'm working with a replicated openLDAP and a storage server (samba,
nfsserver...) that allows Linux to work by mounting NFS and
authenticating with LDAP, and Windows speaks with samba (all OK).
I am finishing configuring one building (one portion of the
enterprise), and my next goal is to configure other buildings (I'm not
configuring the building itself, but the PCs within it :-)).
The idea is to configure another storage server with another replicated
openLDAP for every building, so in every building of the enterprise we
need a pair of those (one samba, storage, nfsserver; and one replicated
openLDAP server).
Now my problem is: I was thinking of other PDCs, other domains, one
domain for each building. I was googling and I read this:
http://samba.2283325.n4.nabble.com/one-ldap-server-and-multiple-samba-PDC-domains-td2447669.html
Andrew B. wrote:
"I strongly suggest running a single domain for a single organisation,
backed by a single LDAP server (or replicated set of LDAP servers)."
I have no "clean idea" of what I need. Maybe you can suggest some
reading, or some ideas of where I should start in order to make the
correct decisions in order to grow with this. This has to be highly
scalable; in the end there will be thousands of computers and thousands of
employees, and I don't want to screw it all up.
Now I'm working with virtual machines, simulating different domains. I'm
having problems with permissions and the domains' sambaSID. I can't make
Windows join the second domain. I don't know if the LDAP entries
should be isolated between domain entries, like:
masterldap----|----|----|
              A    B    C
and smbldap-populate all 'A' 'B' 'C' from different domains, SID, etc., and
A is one building with storage, samba, replicated openLDAP (only a replica
of A), B another building with storage, samba, replicated openLDAP with
'B', the same with 'C', and so on.
I thank you, I hope you can help me make the best decision.
Regards,
Nicolás.