[Samba] Multiple domain and trust relationship
Julien Deloubes
julien.deloubes at gmail.com
Tue Oct 13 08:10:57 UTC 2015
Thanks Klaus,
this lead to another question: how good is the RODC support as for now
(4.3.0) can i put that in production?
Thanks
2015-10-12 23:34 GMT+02:00 Klaus Hartnegg <hartnegg at uni-freiburg.de>:
> Am 08.10.2015 um 18:20 schrieb Julien Deloubes:
>
>> Now my company will open several sites in different countries.
>> I was wondering what is the actual limitations of Samba4 concerning the
>> multi domain (i'm not a Windows guy and have very limited knowledge about
>> AD).
>> I read about trust relationship limitations (can be trusted but cannot
>> trust) so does this mean that for the moment i'm stuck with one domain?
>>
>
> Different sites do not necessarily need different domains. It depends on
> how good the network connection between the servers is, where you have
> admins, and which admins want to do which tasks.
>
> Different domains have advantages if the network connection is bad, and if
> local admins want to create new ad objects themselves, e.g. new users.
> Separate domains also allow to have the (fsmo role) pdc-emulator local on
> each site, which should always be reachable.
>
> If your use case allows to use readonly domain controllers, then you do
> not need multiple domains, even with bad network connection. But then new
> users might have to wait a bit, before they get their account.
>
> Trust is said to have been improved in samba 4.3, but I do not fully
> understand what the text from the release notes means.
>
> Klaus
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list