Hi, my answers are filled in below.
Carlos Vidal wrote:
> Hi:
> Can anybody point me to some guidelines about SMB network design or
> give some advice? Samba HOWTOs are very detailed recipes, but I need
> some general tips, like if we are serving fish or pasta tonight :-)
> This is the situation: a WAN with 20 offices with 2 to 30 people in
> each, plus a headquarters with 50 people, plus the databases and
> central file servers. The organization grew up on an NT4 infrastructure
> using trust relationships and per-office domains. The total network
> size is about 300 clients.
> As the servers were ageing, in the first half of 2005 we replaced most
> of them with Linux FC3 + Samba (upgraded now to 3.0.14a) and kept the
> old NT4 as logon servers and PDCs. Three months ago we replaced the
> central PDC at the HQ with Linux+LDAP+Samba3.
> So now that we have the confidence of our customer, we want to move on
> and replace the remaining NT4 logon servers. We have the opportunity
> to change the current architecture to get a better infrastructure.
> These are the requirements:
> Must have:
> - People need to access shares in the HQ servers.
No problem.
> - People need to access shares in their local servers.
No problem.
> - If the WAN is down, people can still work with their local servers.
No problem: cache the profiles on the Windows clients and/or use
offline file folders.
> Nice to have:
> - A single account per user, not one per user and domain
??? If you use domain-style accounts you have accounts like domain\username
(use the NT group features for more).
I think the question comes down to: give every office its own domain and use
trusts, or use one big one.
> - No profile transmissions over the WAN
If you have a short-term guest from another office, his profile will be
fetched over the WAN/VPN.
Set up a policy for after what length of stay a user's profile should move to
the BDCs.
There are many more possible layouts for this (using profile syncs,
shared filesystems over the WAN, etc.), but I wouldn't recommend them.
> - Should be simple to move a user account from one office to another
It is simple, just copy them (be aware that all file ACLs etc. are kept).
> - Scalability, the company is growing well.
Using slave LDAPs on the BDCs will give you no problem.
> - Keep the backbone in Linux
Whatever.
> What follows are the alternatives I'm considering, but I have
> difficulties foreseeing the tradeoffs:
> A) A single domain with a PDC in the HQ and BDCs in each remote
> office. A master LDAP server in the HQ and a slave LDAP in each remote
> office.
> *Pros: Simple to implement and use
> *Cons: How scalable is it? What if we have 500 clients and 35 offices
> in 2 years?
I would prefer one domain with a Samba PDC (master LDAP) and BDCs (slave
LDAPs) in the VPN offices. 500 clients and 35 offices
may confuse you in the network layout but are no problem for performance,
depending on the network VPN/WAN speed.
Do proper internal name serving as a fallback to WINS.
> B) A domain per remote office (as today), plus trust relationships to
> access the HQ files. A single LDAP backbone with branches for each
> domain, a master LDAP in HQ and slave LDAPs in the remote offices.
> *Pros: Domains follow the physical reality. Users and sysadmins are used
> to this scheme.
> *Cons: Administrative burden to move people around.
Trusts may have failures with WINS timeouts over WANs.
For delegating domain work, use privileges in Samba.
> C) Modify the Samba LDAP schema so that the same UID can belong to several
> domains at the same time (see
> http://lists.samba.org/archive/samba-technical/2004-February/034203.html).
> *Pros: People can have different profiles in each office and still use
> the same login/password without too much administrative burden. No
> trust relationships needed.
> *Cons: We move away from the "standard" Samba+LDAP config
Never done this, and I see no real win in it.
> Are there other options? Which are the tradeoffs? What are people with
> similar networks using?
> Thanks in advance!
I've done these setups with VPN, 4 offices and 100 users, no problem;
mostly networking questions.
The more discussed question was using Outlook/Exchange (or a Linux
derivative) and PST files etc., since the users wanted to have groupware
features like Outlook.
Your questions are more related to the general NT domain and network
layout, not specific to Samba.
A last tip: only use one version of Windows in the whole company (I
recommend Win XP, because Win 2000 will get outdated soon).
This will help you with using profiles and policies. Laptop-moving users and
so-called road warriors may give the most pain, as they need VPN
setups and other policies.
> Carlos
I don't know when Samba 4 gets released; if you've got time, this will make
your life easier in such setups.
Perhaps the gurus know more about the release and features of Samba 4.
Regards
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
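As an added illustration of layout A from the thread (one domain, a Samba PDC with the master LDAP at HQ, a BDC with a slave LDAP in each office), here are two Samba 3 smb.conf fragments. They are example configuration written for this page, not code from either poster; the NetBIOS names, the LDAP suffix dc=example,dc=internal, the hostname ldap-hq.example.internal and the WINS address 10.0.0.1 are assumptions, and the slave slapd is assumed to be replicated from the HQ master with an updateref pointing back at it.

```ini
; ---- HQ PDC (added example; names and addresses are assumed) ----
[global]
    workgroup = EXAMPLE
    netbios name = HQ-PDC
    security = user
    domain logons = yes
    domain master = yes
    local master = yes
    preferred master = yes
    os level = 65
    ; the PDC is the single WINS server for the whole domain
    wins support = yes
    ; master LDAP runs on this host; account writes land here
    passdb backend = ldapsam:ldap://localhost
    ldap admin dn = cn=Manager,dc=example,dc=internal
    ldap suffix = dc=example,dc=internal
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap idmap suffix = ou=Idmap
    ldap ssl = start tls
    ; %L expands to the NetBIOS name of the server that handled the logon,
    ; so profile and home directory stay on that office server rather than
    ; being pulled from HQ over the WAN on every logon
    logon path = \\%L\profiles\%U
    logon home = \\%L\%U
    logon drive = H:
    logon script = logon.bat

[netlogon]
    path = /var/lib/samba/netlogon
    read only = yes

[profiles]
    path = /var/lib/samba/profiles
    read only = no
    browseable = no
    create mask = 0600
    directory mask = 0700

; ---- remote-office BDC (added example; names and addresses are assumed) ----
[global]
    workgroup = EXAMPLE
    netbios name = OFFICE01-BDC
    security = user
    domain logons = yes
    ; only the PDC is domain master; the BDC wins the local browser election
    domain master = no
    local master = yes
    preferred master = yes
    os level = 65
    ; WINS lives at HQ (assumed address); clients get the same server via DHCP
    wins server = 10.0.0.1
    ; read from the local slave first, fall back to the HQ master if the
    ; slave is down; with the WAN down, logons still succeed from the slave
    passdb backend = ldapsam:"ldap://localhost ldap://ldap-hq.example.internal"
    ldap admin dn = cn=Manager,dc=example,dc=internal
    ldap suffix = dc=example,dc=internal
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap idmap suffix = ou=Idmap
    ldap ssl = start tls
    ; writes (password changes, machine joins) are referred to the master by
    ; the slave's updateref; pause (ms) so the re-read sees the replicated entry
    ldap replication sleep = 1000
    logon path = \\%L\profiles\%U
    logon home = \\%L\%U
    logon drive = H:
    logon script = logon.bat

[netlogon]
    path = /var/lib/samba/netlogon
    read only = yes

[profiles]
    path = /var/lib/samba/profiles
    read only = no
    browseable = no
    create mask = 0600
    directory mask = 0700
```

Two points worth checking against the thread's requirements. Using %L in logon path keeps profile traffic off the WAN, but it also means a visiting user gets a fresh profile on the office BDC rather than his own; that is the trade-off behind the reply's suggestion of a policy for when a long-stay user's profile should be moved. And because the only WINS server sits at HQ, a WAN outage leaves remote clients with broadcast and DNS for name resolution, which is why the reply insists on proper internal name serving as a fallback. Both BDC and PDC also need the LDAP admin password stored with smbpasswd -w, and the slave must stay read-only with a working updateref, or account changes made in the office will silently fail to reach HQ.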