Hi, sounds good.
I have a similar setup with 3 offices, which has worked nicely for one year,
but it depends heavily on the quality of your network (VPN limits).
Think of traveling users that mount their profiles from their
home BDCs or home networks, so having a good connection is a must, and do not let their profiles rise over a limit of 10-30 MB.
All this stuff is not really Samba-dependent; it is more a question of the quality of your network lines and of generally planning a Windows domain.
I would not recommend replicating users' homes and profiles from the PDC to the BDCs.
Normally a user has his home office; when he comes to a new one
for longer, let's say 3 months, you should migrate his home and profile
to the new office.
For sure, if you have super network lines you can do it with NFS or permanent replication etc.
But in most cases this isn't the case.
Because you have no control over the users' login times and behavior (think of global time zones), you will run into heavy replication problems and can't make sure that the user gets the latest version of his profile and so on.
But maybe someone has a solution for this; I don't have one.


I did it like this:
One main office with the master LDAP PDC
hosting homes and profiles of the main office's users;
limit their profiles with policies, stopped caching of profiles
for workstations (laptops are allowed to cache profiles).
Master DNS and own net with own DHCP server, with one dynamic open net range.
VPN via OpenVPN (1,5 MB line) from firewall to firewall,
which does content filtering and WWW caching too.
In the other offices:
its own firewall-openvpn-own-internal-net DHCP server
with one dynamic open DHCP range for laptops,
one LDAP slave Samba BDC hosting this office's users and profiles,
and also a slave DNS from the master DNS;
limit their profiles with policies, stopped caching of profiles
for workstations (laptops are allowed to cache profiles).
In this setup every office can have its own netlogon script
related to its needs.
I used pptpd for dial-in for home workers on every office firewall.


If you want to be totally independent of crashes, you can think
of making separate domains for every office and establishing trusts between them, which works nicely too, so every office has its own PDC, DNS and DHCP.


As I said before, it depends heavily on your needs and your network lines
which solution you should use, so there's no complete answer to your question.
I recommend studying the Samba book deeply, as it has very good examples.
In principle all your needs can be met.
Maybe some other Samba users will give you more tips for your planned setup.
I started mine by installing a firewall, BDC (PDC), and one Windows client behind it in all offices, and did all the tests which I needed,
and then switched the already installed office networks to the new firewall on a separate NIC, so migration could be done one computer after the other and only small interruptions were noticeable to the users,
and they were able to work nearly all the time during migration.


I have ca. 100 users and 100 machines in 3 offices; no critical error occurred in the last 10 months.
Best Regards


Tomasz Chmielewski wrote:
rruegner wrote:

Hi,
if you replicate the LDAP database to the slave LDAP and set up
the BDC to use the slave LDAP, auth will work.
If you set up the users' profiles and homes to be hosted on the BDC
machine, this will work too.
Usually your PDC is in another office over VPN,
so the users in this office should have their homes on the BDC.
But there are several other setups conceivable; you will have the profiles
and homes if the machine on which they are hosted is reachable by the Windows client machines, so it could be e.g. a NAS server too.
If you want a redundant PDC/BDC setup with homes and profiles,
you have to do a permanent replication from the PDC (if your homes are there) to the BDC.
You can also use a third machine and mount homes and profiles via NFS
on the BDC and the PDC....
So there are many setups you can use; choose what fits your needs best.


Actually, I'm still planning and testing my setup.

It will be the following setup:

1) almost 20 offices in different cities, possibly connected using VPN over internet

2) in each office one [Samba Domain Controller + OpenLDAP slave server on one machine] and about 30 workstations

3) in one central location [OpenLDAP master server and Samba Domain Controller on one machine]


Now this is supposed to have the following features:

1) users can log in in any office (easy with LDAP replication)
2) users' roaming profiles backed up to this central Samba Domain Controller each night



Now here comes the tricky part:

If a machine running [Samba Domain Controller + OpenLDAP slave] in any of the offices crashes, users should be able to log into that central [OpenLDAP master server and Samba Domain Controller on one machine].


Is it possible? If so, how?

Any comments appreciated.


Tomek
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
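
The branch-office BDC discussed in this thread, sketched as a Samba 3 `smb.conf` (an added example, not configuration posted by anyone in the thread). All host names, the domain name, the DNs, the paths and the script name are placeholders; the profile size limit mentioned in the thread is set through Windows policies and does not appear here.

```ini
# Constructed example: smb.conf for a branch-office Samba 3 BDC.
# Every host name, domain name, DN and path below is a placeholder.
[global]
    workgroup = EXAMPLEDOM
    netbios name = BDC-OFFICE2
    security = user
    # BDC role: serve domain logons, leave the domain master role to the PDC
    domain logons = yes
    domain master = no
    # Office-local LDAP slave first, central master over the VPN as fallback
    passdb backend = ldapsam:"ldap://ldap-office2.example.lan ldap://ldap-master.example.lan"
    ldap suffix = dc=example,dc=lan
    # The bind password is not stored here; it is set with "smbpasswd -w"
    ldap admin dn = cn=samba,dc=example,dc=lan
    # Keep bind credentials and password hashes off the wire in clear text
    ldap ssl = start tls
    # %L expands to this server's NetBIOS name, so homes and profiles
    # are served from the office's own BDC
    logon path = \\%L\profiles\%U
    logon home = \\%L\%U
    logon drive = H:
    # Per-office logon script, kept in this server's [netlogon] share
    logon script = office2.bat

[netlogon]
    path = /srv/samba/netlogon
    read only = yes

[profiles]
    path = /srv/samba/profiles
    read only = no
    browseable = no
    # Profiles are readable by their owner only
    create mask = 0600
    directory mask = 0700

[homes]
    read only = no
    browseable = no
    # Only the owning user may connect to a home share
    valid users = %S
```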
