[Samba] Samba BDC at company branch in different subnet?
Karel Lang AFD
lang at afd.cz
Thu Apr 30 02:13:37 MDT 2015
Hello guys,
I just wanted to ask about an idea, if it is feasible (or not).
The company I work for (350 users) has 2 branches that are
interconnected with HQ via L2TP (encapsulated in IPsec) tunnels that
are set up between Mikrotik routers.
Current setup:

                     300 users
               | HQ 192.168.2.0/23 |
               | Samba PDC + LDAP  |
               | (389 DS) backend  |
               |                   |
               |                   |
                   /           \
   30 users       /             \       20 users
 | 1st branch    |               | 2nd branch   |
 | 192.168.4.0/24|               |192.168.6.0/24|
 | Samba PDC with|               |Samba PDC with|
 | tdbsam backend|               |tdbsam backend|

So far, it was OK, but the thing is, users started to (due to new projects)
rotate/migrate between branches and HQ.
So maintaining users' passwords and credentials became difficult and
generally a pain.
Questions:
1. Theoretically speaking - is it possible to redo/change the 2 PDCs
located at the 2 company branches to BDCs and slave them to the HQ PDC and also
to make them authenticate users against the HQ LDAP server?
2. Can a BDC propagate local storage filesystems - meaning, can a BDC
propagate different filesystems than the PDC?
I don't think I can safely propagate the storage from HQ via SMB running
through L2TP ..
Any insights, advice highly appreciated.
Thank You
PS.
To answer questions some might ask:
1. We still run Samba 3.6, our Linux servers are RHEL6.6, which means no
Samba AD is available for us so far. Red Hat still doesn't support Samba
AD in their official packages.
2. I plan to switch to Samba 4 (to get access to the newest SMB 2 and 3
protocols), but keep the PDC <-> BDC style until Red Hat supports
it in their own packages.
--
*Karel Lang*
*Unix/Linux Administration*
lang at afd.cz | +420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz