I've recently inherited a two-headed monster of a network and would like to see what Samba can do for me to help clean up the situation. Due to bias/preference of the past administrator, who favored Unix, when it came time to introduce Windows machines to our department, he basically built a parallel network (physically and logically), and let a graduate student manage the Windows network. As a result, we now have a network consisting of two subnets, Windows and Unix. Each subnet provides its own file server, print server, DNS, DHCP, directory (NIS vs. Active Directory) and user accounts. Unfortunately for us, this is a rather arbitrary division, as we often have users that dual-boot between the two sides and students that need to do work on both, and I would prefer that the two networks be more integrated.


I will be redesigning this network (both physically and logically) and I believe Samba can help me. Some of the ways are clear, whereas some are much less clear. Let me start with my design goals...

1. Repartition the network based on functional needs, not OS choice. Our context is a department at a university. Instead of a Unix subnet and a Windows subnet, I would like a subnet for the undergraduate open labs, a subnet for research groups, a subnet for faculty workstations, etc. Whatever services I provide need to play well in this multi-subnet environment.
2. Consolidate file serving duties. I would like for a user to see the same home directory whether booting into Linux, Solaris or Windows. This will reduce the number of instances of users needing to move files between the two systems, as well as provide a single point as a target for backups.
3. Consolidate user accounts. I want one account for each user, period. If I absolutely can't have this, I want to synchronize between the two so that it appears as one. We are eventually going to try to authenticate against the campus-wide LDAP service, and the fewer points of authentication I have within my department, the easier that will be.
4. Consolidate DNS and DHCP. Because we have two DHCPs, and because our firewall is set to pass all traffic between the two subnets, I actually have two network cables running to my laptop - I have to switch them when I switch OSes! I am not 100% sure of the reason, the past admin simply said that's how it is, but I believe it's so I hit the "right" DHCP server first. Obviously, that needs to go away. Same with DNS - right now, adding a host means adding it to Active Directory, adding it to NIS, and adding it to 3 /etc/hosts files. This needs to be much cleaner.
5. Consolidate print servers.
6. Preserve as much of the functionality that Active Directory is currently providing. This includes login scripts, roaming profiles, all the permissions management and authentication, serving a dfs, etc. I understand that Samba cannot be an Active Directory server, but I also understand that it can do a lot of the same things AD does.


So, those are the highlights of my goals. I see that it's very straightforward for Samba to do the file and print serving, but is this rock solid? This will be the sole source of home dirs, I don't want the Windows clients flaking out on me. I'm less sure about the authentication. Right now, we use Active Directory on the Win side and NIS on the Unix side. I believe one option is to keep the Active Directory for Linux clients, and to use winbind to authenticate against that. However, I would like to get rid of AD altogether if possible. Is there a better model? On the Unix side, NIS has to go. Something like Kerberos or LDAP would be better but I want to make a choice that plays well with Samba and with the Windows clients as well. I know that Kerberos is a good option for cross-platform single-point-of-authentication. Perhaps LDAP. Perhaps they work together? What's the model I'm after and how does Samba fit in? I'm not sure if Samba can help with the current DNS/DHCP woes or if that's simply a matter of setting up one on Linux and pointing everyone at it (not sure how good it is to have DHCP serving multiple subnets like I want, though...) Thoughts?

For the "big picture", is it possible for me to get rid of Active Directory for this network I have of Sun, Linux, NT, 2000, and XP machines and still have hopes of a reliable network? If I need to keep an AD around for one or more of these services, how best to set it up to play with Samba? Those are the kinds of questions I'm after. I have read through the beginning of the O'Reilly Samba book and it appears that Samba is definitely the right track, but I'm hoping for a bit more of the specifics of the model I'm seeking.

Thanks for your time and thoughts,
Fran