[Samba] Multiple domain and trust relationship
Klaus Hartnegg
hartnegg at uni-freiburg.de
Mon Oct 12 21:34:46 UTC 2015
Am 08.10.2015 um 18:20 schrieb Julien Deloubes:
> Now my company will open several sites in different countries.
> I was wondering what is the actual limitations of Samba4 concerning the
> multi domain (i'm not a Windows guy and have very limited knowledge about
> AD).
> I read about trust relationship limitations (can be trusted but cannot
> trust) so does this mean that for the moment i'm stuck with one domain?
Different sites do not necessarily need different domains. It depends on
how good the network connection between the servers is, where you have
admins, and which admins want to do which tasks.
Different domains have advantages if the network connection is bad, and
if local admins want to create new ad objects themselves, e.g. new
users. Separate domains also allow to have the (fsmo role) pdc-emulator
local on each site, which should always be reachable.
If your use case allows to use readonly domain controllers, then you do
not need multiple domains, even with bad network connection. But then
new users might have to wait a bit, before they get their account.
Trust is said to have been improved in samba 4.3, but I do not fully
understand what the text from the release notes means.
Klaus
More information about the samba
mailing list