[Samba] samba 4 best practices questions

Marc Muehlfeld samba at marc-muehlfeld.de
Sat Mar 1 10:05:41 MST 2014


Hello Joe,

On 08.02.2014 21:45, Joe Maloney wrote:
> I found this email thread here stating samba4 ad roles, and file server
> roles should be on separate servers.
>
> Can anyone answer is this still the case?

Yes. Fileservers should be separate member servers and the DC should only do 
the domain stuff.




> In addition I've been noticing that sysvol replication is not officially
> supported and third party tools such as rsync can be used as a work
> around.

Not just "not officially supported". It's not implemented yet. :-)

You can use your own solutions to replicate the SysVol content between your 
DCs. But you have to use tools that can replicate the ACLs. An easy way 
is rsync:

https://wiki.samba.org/index.php/SysVol_Replication




> So I think I would ultimately like each location to have its own
> standalone PDC or just member servers of the PDC.
>
> My question is are trust relationships working between samba 4 and
> samba4 servers yet? I've been reading that trust relationships are
> one way only does this apply to samba servers only talking to
> each other as well?  Could one user from one location log in at
> another location and so on this way?

I guess you mean with PDC and AD DC. But if you have different domains 
at each location, remember that trusts are not working at the moment.

https://wiki.samba.org/index.php/FAQ#Trusts




> If the above is not possible would joining file servers as member servers
> only prove to be the best way forward until these features are
> implemented?  Thanks in advance for any help or advice you may be able to
> provide.

I don't know your environment, locations and requirements. But maybe you 
can simply have one domain and separate DCs and Member Servers at the 
different locations. Then the authentication is done on each place 
against the local DCs, etc.

I'm not that familiar with huge AD installations yet. But with 
sites/subnet declarations, etc. maybe most requirements can be complied with. 
But of course testing is important. And feedback about things that are 
working or not working here on the list would be great. Then we can add 
them to the Wiki for others.


Regards,
Marc
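
A check to run after each SysVol replication pass, given as an added example (not part of the original post or of the Samba wiki): it compares the ACL-carrying extended attributes of a replica against the source tree and reports drift. The function names and the set of xattrs checked are assumptions; `security.NTACL` is where Samba's xattr ACL backend keeps the NT security descriptor, and reading it typically needs root.

```python
import errno
import os
import sys

# Assumed set of xattrs that carry ACLs on a Samba share: the NT security
# descriptor plus the POSIX ACLs. rsync only copies them with -A and -X.
ACL_XATTRS = ("security.NTACL", "system.posix_acl_access",
              "system.posix_acl_default")


def read_xattr(path, name):
    """Return the xattr value, or None when it is absent or unsupported."""
    try:
        return os.getxattr(path, name, follow_symlinks=False)
    except OSError as exc:
        if exc.errno in (errno.ENODATA, errno.ENOTSUP):
            return None
        raise  # e.g. EACCES: surface it instead of reporting "no drift"


def acl_drift(source_root, replica_root, reader=read_xattr):
    """Compare ACL xattrs of every directory and file under source_root.

    Returns a sorted list of (relative_path, reason); reason is "missing"
    or the name of the first xattr whose value differs on the replica.
    """
    drift = []
    for dirpath, _dirs, files in os.walk(source_root):
        for name in [None] + files:          # None = the directory itself
            src = dirpath if name is None else os.path.join(dirpath, name)
            rel = os.path.relpath(src, source_root)
            dst = os.path.join(replica_root, rel)
            if not os.path.lexists(dst):
                drift.append((rel, "missing"))
                continue
            for attr in ACL_XATTRS:
                if reader(src, attr) != reader(dst, attr):
                    drift.append((rel, attr))
                    break
    return sorted(drift)


if __name__ == "__main__":
    # Usage: script.py <source sysvol path> <replica sysvol path>
    problems = acl_drift(sys.argv[1], sys.argv[2])
    for rel, reason in problems:
        print(f"{reason}\t{rel}")
    sys.exit(1 if problems else 0)
```

Both paths must be visible on the host running the check, for example the local SysVol and a mounted or freshly pulled copy of the other DC's SysVol.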