Hello,

I am trying to figure out how to implement a Samba domain in a number of remote offices around the world with partly bad and often interrupted WAN connections/VPNs. The goal is to administer the directory from the central data center.

My obvious choice would be to set up a central server with SAMBA+OpenLDAP+smbldap-tools and in each remote office a SAMBA server with OpenLDAP as a read-only slave from the central master. Although I seem to make progress, it seems that the more time I invest in this project, the more questions emerge. My latest issue made me create this mailman account.

My question is: When the remote SAMBA server only talks to its own local, read-only LDAP slave, how is it going to change user/machine passwords or add machine accounts (when joining the domain)? In my test setup an XP client insisted on trying to join the BDC, failing because a) smbldap-tools is not installed or b) it could not write to the slave LDAP directory.

I surely could configure the remote SAMBA to talk to the central OpenLDAP service, but then I would not need LDAP replication and would not have a failover in case the WAN link goes down. There was the SAMBA option to have multiple tdbsam backends, but this is not supported anymore.

I hope that my explanation enables somebody to give me a hint for understanding what can/should/must be done.

Kind regards
Sven Ehret
