Andrew Barlett wrote: > > Domain trusts (in terms of us being a PDC trusting other DCs) are > currenetly a work in progress. We hope to have it finished for Samba > 3.0. > > However, why do you need domain trusts? (There are lots of > good answers > to this question, but make sure you do have one of the answers). > > Samba 2.2 has always supported being a member server in a domain with > domain trusts, for the record. >
Andrew: Interesting you should ask about the *need* for my three domains and their trusts. Myself and a junior-admin had this same discussion the day I wrote the post. Looking back, it just seemed the logical thing to do. You see, in the beginning the three domains weren't connected - definite need then. When we put the WAN in place we didn't want to "rip-out" anything, so we used the trusts to "bind" the domains together - *need* defined as we needed it working ASAP. Personally, I would prefer to keep them separate just for greater user/group control. But, I can also see that I may not *need* the independent PDCs that trust each other, but maybe a PDC and 2 BDCs. I'm looking hard at the latter just so I do not hit any major hurdles when moving to SAMBA. Thinking along those lines I must pose the question: Will a SAMBA BDC function as an NT BDC in that an NT BDC will cache (i.e. store locally) user/group/SID information and only update/sync with the PDC at a specified intervals? If we go with the one domain concept here, I'm going to need the BDCs in each office to basically "run the show" for that office when it comes to authentication. I do not want logons, etc. being passed to the PDC across a 128K frame line half-way across the state - except in an emergency like the BDC being offline. The reason I ask is that I've not tried to simulate this yet and it really is the only sticking point in the single domain plan (that I can see now). Thanks for your response and I hope that I have not broad-sided you with my theorizing and planning. Thanks, Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc.
smime.p7s
Description: application/pkcs7-signature
