I have Samba running without a PDC and I have some questions
about the advantages for implementing one with Samba vs. the
problems and disadvantages.  Perhaps some kind souls can
help me determine whether I should do this or not.

We have three offices connected by a Checkpoint VPN, plus
people "on the road" using their SecureClient tool.  We
want everyone to be able to get to all the Samba servers
from wherever they are.

Here's a sample topology:
    MtLaurel (NJ,US)
        172.25.0.0/16
            corp -- a Samba server running on our large Sun file server
            print -- a Samba server running on a Linux box with CUPS for
                printing
    Dallas (TX,US)
        172.27.0.0/16
            derby -- a Samba server on Sun for local storage and printing
    Sophia (-Antipolis,FR)
        172.26.0.0/16
            tank -- a Samba server on Sun for local storage and printing

Right now each location is running in its own workgroup, no PDCs.

If we go with a PDC I see the following advantages and disadvantages:

1) Single sign-on, consistent login -- advantage
   It would all be backed by our current LDAP SAM.
2) Anyone can log into any PC -- disadvantage
   People have become used to not worrying about security on
   their own PCs as nobody else could log in.  Once "domained"
   anyone can log in.
3) Complexity
   I am concerned about keeping this whole house of cards working with
   a PDC in MtLaurel and "slave" PDCs in the other locations.   Our
   people travel a lot and they need to use resources while in non-home
   offices.  How do they join the MtLaurel PDC and then move to the Sophia
   one?  How do they use one inside the corporate network from outside?
4) Password change -- this is the thing driving (forcing) the issue.
   With a PDC, the user logs in at the Windows client with the same password
   as is used for all the other network resources.  It can be set up to
   expire passwords and the user can change their password from the login
   dialog (or with ctl-alt-del...) and it will take effect for everything.
   Is there any way to get just this capability without all the issues
   associated with a PDC?


--
Gary Algier, WB2FWZ    gaa at ulticom.com    +1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054    Fax:+1 856 866 2033

Nielsen's First Law of Computer Manuals:
    People don't read documentation voluntarily.
