Re: [Samba] Basic questions regarding Samba capabilities
On Fri, 2012-05-25 at 09:49 -0500, Jason Voorhees wrote: > On Mon, May 21, 2012 at 8:01 AM, Daniel Müller > wrote: > > IN a such great environment like yours I would suggest having several PDCs > > in replication mode. > Is this possible to implement with Samba 3.x? Yes, *painfully*. Use Samba4 and create an Active Directory domain. It is *much* smoother, less work, and more feature complete. Not to mention that Samba3/NT4 domains support is in support twilight; is is very much time to move on. -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Basic questions regarding Samba capabilities
On Fri, 2012-05-25 at 09:48 -0500, Jason Voorhees wrote: > Hi, thanks for your reply: > > On Mon, May 21, 2012 at 7:51 AM, Aaron E. wrote: > > First, I'm not sure if your speaking of samba4 or just upgrading your s3 > > domain structure .. my comments are based on samba4 hope it helps .. > > > > Actually I was thinking about using a stable version of Samba like > 3.x. I know that Samba 4 is still being developed for many years. Do > you really suggest me to use this alpha version of Samba4 for a > critical environment like the one I described? It would be great to > have an Open Source ADS implementation with Samba4 but for now I think > I can just get as much as possible of features that Samba 3.x can > offer me. The problem with deploying a Samba3 DC is that you cannot use group policies in that version. Only an AD DC can do that - which is one of the major reasons we have done it. > > Policies: -- Group policy works with S4.. So whatever group policies you can > > set in windows DC you can set on the S4 dcs.. > > > > What tool do you use for edit/create policies? I was reading a little > about the native MS Windows 2000 tool for policy editing but if you > suggest me to use Samba4 I believe you could recommend me to use the > Windows 2003/2008 policy editor or something like that? You use the Microsoft management tools, just as if you were running a headless AD DC from Microsoft. Searching for the 'Remote server administration tools' and you should find it. > > Scalability -- 1PDC and several BDCs would be your answer. Essentially your > > going to create the same infrastructure as you would with the windows family > > of servers. unstead of multiple pdc's you'd use bdc's at in different > > vlans.. or RODC's but I am not sure where the RODC's are in terms of > > completeness. > > > > I'm sorry but I have never heard about RODCs before. Are they read > only primary or backup domain controller? How do they work? The major gap on RODCs at the moment is that we need to record the attributes that we replicate to the RODC. We don't do that at the moment. > > Backend -- OPENLDAP isn't supported as a back-end.. I believe that your only > > option is to use the built-in samba4 back-end at this point.. > > > > Compatability -- there are no special steps in joining windows 7 or 2008 > > servers to the S4 domain.. > > > > There is an upgrade script that should pull your users and computers to the > > new domain, obviously this would require extensive testing in your > > environment. > > > > > > > > Thanks for all > > > > On 05/20/2012 11:32 AM, Jason Voorhees wrote: > >> > >> Compatibility: > >> === > >> - I know that are some procedures to join Windows 7 to Samba domain, I > >> did this before successfully. Do you know -maybe- of another possible > >> compatibility problem that you suggest I can be prepared for? > >> - If after some time (weeks, months or years) I plan to replace this > >> Samba based domain to Windows 2k ADS domain: is it possible to do this > >> migration without problem? it isn't necessary to reinstall all the > >> domain and rejoin all the workstation? If you were to go with Samba 3.x, then you could upgrade to Samba4. Some folks have used this as a path to Microsoft's AD. However, the upgrade will only consider the Samba account details, not the full directory LDAP directory structure. If you want AD, then go with Samba 4.0. We hope to release a beta very soon, now that we have integrated the new file server. While we provide tools for the upgrade, it is much easier to just start with that than to upgrade to it, because you will develop tools and procedures for modifying the LDAP directory, and many of these would need to be rewritten, and adapted the the new schema. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Basic questions regarding Samba capabilities
On Mon, 2012-05-21 at 15:56 +0200, L.P.H. van Belle wrote: > Hai, > > Backend -- OPENLDAP isn't supported as a back-end.. I believe that your > only option is to use the built-in samba4 back-end at this point.. > > About above, is it still posible to replicate the "samba ad/ldap" to other > ldap servers ( without samba ), > and will openldap be a supported backend in the future. No, the OpenLDAP backend was a dead end development wise for the AD DC. We couldn't make it work fully, and it won't be revived because it is (essentially) incompatible with DRS replication and needs the AD schema anyway. Because we are tied to AD schema and behaviour, using a different LDAP server simply doesn't bring us any significant gains. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Basic questions regarding Samba capabilities
On 05/25/2012 06:26 PM, Lukasz Zalewski wrote: Hi Jorell, On 25/05/12 16:57, Jorell wrote: On 5/25/2012 7:48 AM, Jason Voorhees wrote: To manage group policies you install "Group Policy Management Console" (gpmc.msi) on a windows workstation connected to the domain. Hi Is there "Group Policy Management Console" on a Linux DC? Without being an LDAP expert that is. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Basic questions regarding Samba capabilities
On Fri, May 25, 2012 at 09:49:12AM -0500, Jason Voorhees wrote: > Hi: > > On Mon, May 21, 2012 at 8:01 AM, Daniel Müller > wrote: > > IN a such great environment like yours I would suggest having several PDCs > > in replication mode. > > > > Is this possible to implement with Samba 3.x? Sure, use openldap as a backend and replicate. Been a while since I had anything to do with that but that's how it's traditionally been done. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Basic questions regarding Samba capabilities
Hi Jorell, On 25/05/12 16:57, Jorell wrote: On 5/25/2012 7:48 AM, Jason Voorhees wrote: Hi, thanks for your reply: On Mon, May 21, 2012 at 7:51 AM, Aaron E. wrote: First, I'm not sure if your speaking of samba4 or just upgrading your s3 domain structure .. my comments are based on samba4 hope it helps .. Actually I was thinking about using a stable version of Samba like 3.x. I know that Samba 4 is still being developed for many years. Do you really suggest me to use this alpha version of Samba4 for a critical environment like the one I described? It would be great to have an Open Source ADS implementation with Samba4 but for now I think I can just get as much as possible of features that Samba 3.x can offer me. > From reading the mailing list, people using S4 for it's Active Directory have had great success, it's when they try to use the file server side of things is when they have problems. Also Samba 4 ADS is interchangeable with Windows Server ADS. We have been running samba4 in production environment for almost two years. Our setup is quite basic, single S4 DC, and s3 member servers for file serving and printing. We have ~300 pc's (almost all Windows 7) and ~2500 users But you probably will need more elaborate setup. Policies: -- Group policy works with S4.. So whatever group policies you can set in windows DC you can set on the S4 dcs.. What tool do you use for edit/create policies? I was reading a little about the native MS Windows 2000 tool for policy editing but if you suggest me to use Samba4 I believe you could recommend me to use the Windows 2003/2008 policy editor or something like that? To manage group policies you install "Group Policy Management Console" (gpmc.msi) on a windows workstation connected to the domain. Windows RAT will do the trick: http://wiki.samba.org/index.php/Samba4/HOWTO#Step_1:_Installing_Windows_Remote_Administration_Tools_onto_Windows Scalability -- 1PDC and several BDCs would be your answer. Essentially your going to create the same infrastructure as you would with the windows family of servers. unstead of multiple pdc's you'd use bdc's at in different vlans.. or RODC's but I am not sure where the RODC's are in terms of completeness. I'm sorry but I have never heard about RODCs before. Are they read only primary or backup domain controller? How do they work? Backend -- OPENLDAP isn't supported as a back-end.. I believe that your only option is to use the built-in samba4 back-end at this point.. Compatability -- there are no special steps in joining windows 7 or 2008 servers to the S4 domain.. There is an upgrade script that should pull your users and computers to the new domain, obviously this would require extensive testing in your environment. Thanks for all On 05/20/2012 11:32 AM, Jason Voorhees wrote: Hi people: I've been using Samba for a long time with some "basic" features like Samba working as a PDC, integrated with OpenLDAP, being a print server, among others, for a small number of "almost controlled" users (no more than 30 or 50 users). But now I'm interested to implement a Windows domain using Samba for a University with 6000-8000 users distributed through several VLANs, subnets, offices in a medium/big campus. I'd like to avoid using a propietary solution like Windows 2008 with ADS so I'd like to know some suggestions like these: Policies: === - How well can Samba manage policies for workstations? - Is it easy or safe to apply and/or remove policies from workstations? - What kind of things can I allow or deny from succeding in workstations using policies? For example: could I avoid users from changing the IP address of the workstation? Could I set a fixed wallpaper or internet explorer proxy settings to workstations? Scalability In a big scenario like the previous i mentioned: - How many BDCs would be needed? Is it enough to have 1 PDC and severals BDCs? - Is it possible to have multiple PDCs of the same domain each one being in a different VLAN? or, what's the right approach in terms of structure-architecture to implement PDCs and BDCs? Backend === Definitely I plan to use OpenLDAP as backend but, similar to the previous question about BDCs: how many Master/Slave OpenLDAP servers do you think it would be necessary? It could be 1 BDC+OpenLDAP (slave or master) for each office or VLAN? Compatibility: === - I know that are some procedures to join Windows 7 to Samba domain, I did this before successfully. Do you know -maybe- of another possible compatibility problem that you suggest I can be prepared for? - If after some time (weeks, months or years) I plan to replace this Samba based domain to Windows 2k ADS domain: is it possible to do this migration without problem? it isn't necessary to reinstall all the domain and rejoin all the workstation? Technically I can investigate how to implement each of these features (policies, BDCs, openldap, etc...) but before taking a decision like
Re: [Samba] Basic questions regarding Samba capabilities
On 5/25/2012 7:48 AM, Jason Voorhees wrote: Hi, thanks for your reply: On Mon, May 21, 2012 at 7:51 AM, Aaron E. wrote: First, I'm not sure if your speaking of samba4 or just upgrading your s3 domain structure .. my comments are based on samba4 hope it helps .. Actually I was thinking about using a stable version of Samba like 3.x. I know that Samba 4 is still being developed for many years. Do you really suggest me to use this alpha version of Samba4 for a critical environment like the one I described? It would be great to have an Open Source ADS implementation with Samba4 but for now I think I can just get as much as possible of features that Samba 3.x can offer me. > From reading the mailing list, people using S4 for it's Active Directory have had great success, it's when they try to use the file server side of things is when they have problems. Also Samba 4 ADS is interchangeable with Windows Server ADS. Policies: -- Group policy works with S4.. So whatever group policies you can set in windows DC you can set on the S4 dcs.. What tool do you use for edit/create policies? I was reading a little about the native MS Windows 2000 tool for policy editing but if you suggest me to use Samba4 I believe you could recommend me to use the Windows 2003/2008 policy editor or something like that? To manage group policies you install "Group Policy Management Console" (gpmc.msi) on a windows workstation connected to the domain. Scalability -- 1PDC and several BDCs would be your answer. Essentially your going to create the same infrastructure as you would with the windows family of servers. unstead of multiple pdc's you'd use bdc's at in different vlans.. or RODC's but I am not sure where the RODC's are in terms of completeness. I'm sorry but I have never heard about RODCs before. Are they read only primary or backup domain controller? How do they work? Backend -- OPENLDAP isn't supported as a back-end.. I believe that your only option is to use the built-in samba4 back-end at this point.. Compatability -- there are no special steps in joining windows 7 or 2008 servers to the S4 domain.. There is an upgrade script that should pull your users and computers to the new domain, obviously this would require extensive testing in your environment. Thanks for all On 05/20/2012 11:32 AM, Jason Voorhees wrote: Hi people: I've been using Samba for a long time with some "basic" features like Samba working as a PDC, integrated with OpenLDAP, being a print server, among others, for a small number of "almost controlled" users (no more than 30 or 50 users). But now I'm interested to implement a Windows domain using Samba for a University with 6000-8000 users distributed through several VLANs, subnets, offices in a medium/big campus. I'd like to avoid using a propietary solution like Windows 2008 with ADS so I'd like to know some suggestions like these: Policies: === - How well can Samba manage policies for workstations? - Is it easy or safe to apply and/or remove policies from workstations? - What kind of things can I allow or deny from succeding in workstations using policies? For example: could I avoid users from changing the IP address of the workstation? Could I set a fixed wallpaper or internet explorer proxy settings to workstations? Scalability In a big scenario like the previous i mentioned: - How many BDCs would be needed? Is it enough to have 1 PDC and severals BDCs? - Is it possible to have multiple PDCs of the same domain each one being in a different VLAN? or, what's the right approach in terms of structure-architecture to implement PDCs and BDCs? Backend === Definitely I plan to use OpenLDAP as backend but, similar to the previous question about BDCs: how many Master/Slave OpenLDAP servers do you think it would be necessary? It could be 1 BDC+OpenLDAP (slave or master) for each office or VLAN? Compatibility: === - I know that are some procedures to join Windows 7 to Samba domain, I did this before successfully. Do you know -maybe- of another possible compatibility problem that you suggest I can be prepared for? - If after some time (weeks, months or years) I plan to replace this Samba based domain to Windows 2k ADS domain: is it possible to do this migration without problem? it isn't necessary to reinstall all the domain and rejoin all the workstation? Technically I can investigate how to implement each of these features (policies, BDCs, openldap, etc...) but before taking a decision like this i would like to have some suggestions of people that have done similar implementations before. This help it would be excellent for me, I hope some one can help. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Basic questions regarding Samba capabilities
Hi: On Mon, May 21, 2012 at 8:01 AM, Daniel Müller wrote: > IN a such great environment like yours I would suggest having several PDCs > in replication mode. > Is this possible to implement with Samba 3.x? > --- > EDV Daniel Müller > > Leitung EDV > Tropenklinik Paul-Lechler-Krankenhaus > Paul-Lechler-Str. 24 > 72076 Tübingen > > Tel.: 07071/206-463, Fax: 07071/206-499 > eMail: muel...@tropenklinik.de > Internet: www.tropenklinik.de > --- > -Ursprüngliche Nachricht- > Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im > Auftrag von Aaron E. > Gesendet: Montag, 21. Mai 2012 14:51 > An: samba@lists.samba.org > Betreff: Re: [Samba] Basic questions regarding Samba capabilities > > First, I'm not sure if your speaking of samba4 or just upgrading your s3 > domain structure .. my comments are based on samba4 hope it helps .. > > Policies: -- Group policy works with S4.. So whatever group policies you can > set in windows DC you can set on the S4 dcs.. > > Scalability -- 1PDC and several BDCs would be your answer. Essentially your > going to create the same infrastructure as you would with the windows family > of servers. unstead of multiple pdc's you'd use bdc's at in different > vlans.. or RODC's but I am not sure where the RODC's are in terms of > completeness. > > Backend -- OPENLDAP isn't supported as a back-end.. I believe that your only > option is to use the built-in samba4 back-end at this point.. > > Compatability -- there are no special steps in joining windows 7 or 2008 > servers to the S4 domain.. > > There is an upgrade script that should pull your users and computers to the > new domain, obviously this would require extensive testing in your > environment. > > > > On 05/20/2012 11:32 AM, Jason Voorhees wrote: >> Hi people: >> >> I've been using Samba for a long time with some "basic" features like >> Samba working as a PDC, integrated with OpenLDAP, being a print >> server, among others, for a small number of "almost controlled" users >> (no more than 30 or 50 users). >> >> But now I'm interested to implement a Windows domain using Samba for a >> University with 6000-8000 users distributed through several VLANs, >> subnets, offices in a medium/big campus. I'd like to avoid using a >> propietary solution like Windows 2008 with ADS so I'd like to know >> some suggestions like these: >> >> Policies: >> === >> - How well can Samba manage policies for workstations? >> - Is it easy or safe to apply and/or remove policies from workstations? >> - What kind of things can I allow or deny from succeding in >> workstations using policies? For example: could I avoid users from >> changing the IP address of the workstation? Could I set a fixed >> wallpaper or internet explorer proxy settings to workstations? >> >> Scalability >> >> In a big scenario like the previous i mentioned: >> - How many BDCs would be needed? Is it enough to have 1 PDC and severals > BDCs? >> - Is it possible to have multiple PDCs of the same domain each one >> being in a different VLAN? or, what's the right approach in terms of >> structure-architecture to implement PDCs and BDCs? >> >> Backend >> === >> Definitely I plan to use OpenLDAP as backend but, similar to the >> previous question about BDCs: how many Master/Slave OpenLDAP servers >> do you think it would be necessary? It could be 1 BDC+OpenLDAP (slave >> or master) for each office or VLAN? >> >> Compatibility: >> === >> - I know that are some procedures to join Windows 7 to Samba domain, I >> did this before successfully. Do you know -maybe- of another possible >> compatibility problem that you suggest I can be prepared for? >> - If after some time (weeks, months or years) I plan to replace this >> Samba based domain to Windows 2k ADS domain: is it possible to do this >> migration without problem? it isn't necessary to reinstall all the >> domain and rejoin all the workstation? >> >> Technically I can investigate how to implement each of these features >> (policies, BDCs, openldap, etc...) but before taking a decision like >> this i would like to have some suggestions of people that have done >> similar implementations before. This help it would be excellent for >> me, I hope some one can help. >> >> Thanks > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Basic questions regarding Samba capabilities
Hi, thanks for your reply: On Mon, May 21, 2012 at 7:51 AM, Aaron E. wrote: > First, I'm not sure if your speaking of samba4 or just upgrading your s3 > domain structure .. my comments are based on samba4 hope it helps .. > Actually I was thinking about using a stable version of Samba like 3.x. I know that Samba 4 is still being developed for many years. Do you really suggest me to use this alpha version of Samba4 for a critical environment like the one I described? It would be great to have an Open Source ADS implementation with Samba4 but for now I think I can just get as much as possible of features that Samba 3.x can offer me. > Policies: -- Group policy works with S4.. So whatever group policies you can > set in windows DC you can set on the S4 dcs.. > What tool do you use for edit/create policies? I was reading a little about the native MS Windows 2000 tool for policy editing but if you suggest me to use Samba4 I believe you could recommend me to use the Windows 2003/2008 policy editor or something like that? > Scalability -- 1PDC and several BDCs would be your answer. Essentially your > going to create the same infrastructure as you would with the windows family > of servers. unstead of multiple pdc's you'd use bdc's at in different > vlans.. or RODC's but I am not sure where the RODC's are in terms of > completeness. > I'm sorry but I have never heard about RODCs before. Are they read only primary or backup domain controller? How do they work? > Backend -- OPENLDAP isn't supported as a back-end.. I believe that your only > option is to use the built-in samba4 back-end at this point.. > > Compatability -- there are no special steps in joining windows 7 or 2008 > servers to the S4 domain.. > > There is an upgrade script that should pull your users and computers to the > new domain, obviously this would require extensive testing in your > environment. > > > Thanks for all > > On 05/20/2012 11:32 AM, Jason Voorhees wrote: >> >> Hi people: >> >> I've been using Samba for a long time with some "basic" features like >> Samba working as a PDC, integrated with OpenLDAP, being a print >> server, among others, for a small number of "almost controlled" users >> (no more than 30 or 50 users). >> >> But now I'm interested to implement a Windows domain using Samba for a >> University with 6000-8000 users distributed through several VLANs, >> subnets, offices in a medium/big campus. I'd like to avoid using a >> propietary solution like Windows 2008 with ADS so I'd like to know >> some suggestions like these: >> >> Policies: >> === >> - How well can Samba manage policies for workstations? >> - Is it easy or safe to apply and/or remove policies from workstations? >> - What kind of things can I allow or deny from succeding in >> workstations using policies? For example: could I avoid users from >> changing the IP address of the workstation? Could I set a fixed >> wallpaper or internet explorer proxy settings to workstations? >> >> Scalability >> >> In a big scenario like the previous i mentioned: >> - How many BDCs would be needed? Is it enough to have 1 PDC and severals >> BDCs? >> - Is it possible to have multiple PDCs of the same domain each one >> being in a different VLAN? or, what's the right approach in terms of >> structure-architecture to implement PDCs and BDCs? >> >> Backend >> === >> Definitely I plan to use OpenLDAP as backend but, similar to the >> previous question about BDCs: how many Master/Slave OpenLDAP servers >> do you think it would be necessary? It could be 1 BDC+OpenLDAP (slave >> or master) for each office or VLAN? >> >> Compatibility: >> === >> - I know that are some procedures to join Windows 7 to Samba domain, I >> did this before successfully. Do you know -maybe- of another possible >> compatibility problem that you suggest I can be prepared for? >> - If after some time (weeks, months or years) I plan to replace this >> Samba based domain to Windows 2k ADS domain: is it possible to do this >> migration without problem? it isn't necessary to reinstall all the >> domain and rejoin all the workstation? >> >> Technically I can investigate how to implement each of these features >> (policies, BDCs, openldap, etc...) but before taking a decision like >> this i would like to have some suggestions of people that have done >> similar implementations before. This help it would be excellent for >> me, I hope some one can help. >> >> Thanks > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Basic questions regarding Samba capabilities
Hai, Backend -- OPENLDAP isn't supported as a back-end.. I believe that your only option is to use the built-in samba4 back-end at this point.. About above, is it still posible to replicate the "samba ad/ldap" to other ldap servers ( without samba ), and will openldap be a supported backend in the future. Best regard, Louis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Basic questions regarding Samba capabilities
IN a such great environment like yours I would suggest having several PDCs in replication mode. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Aaron E. Gesendet: Montag, 21. Mai 2012 14:51 An: samba@lists.samba.org Betreff: Re: [Samba] Basic questions regarding Samba capabilities First, I'm not sure if your speaking of samba4 or just upgrading your s3 domain structure .. my comments are based on samba4 hope it helps .. Policies: -- Group policy works with S4.. So whatever group policies you can set in windows DC you can set on the S4 dcs.. Scalability -- 1PDC and several BDCs would be your answer. Essentially your going to create the same infrastructure as you would with the windows family of servers. unstead of multiple pdc's you'd use bdc's at in different vlans.. or RODC's but I am not sure where the RODC's are in terms of completeness. Backend -- OPENLDAP isn't supported as a back-end.. I believe that your only option is to use the built-in samba4 back-end at this point.. Compatability -- there are no special steps in joining windows 7 or 2008 servers to the S4 domain.. There is an upgrade script that should pull your users and computers to the new domain, obviously this would require extensive testing in your environment. On 05/20/2012 11:32 AM, Jason Voorhees wrote: > Hi people: > > I've been using Samba for a long time with some "basic" features like > Samba working as a PDC, integrated with OpenLDAP, being a print > server, among others, for a small number of "almost controlled" users > (no more than 30 or 50 users). > > But now I'm interested to implement a Windows domain using Samba for a > University with 6000-8000 users distributed through several VLANs, > subnets, offices in a medium/big campus. I'd like to avoid using a > propietary solution like Windows 2008 with ADS so I'd like to know > some suggestions like these: > > Policies: > === > - How well can Samba manage policies for workstations? > - Is it easy or safe to apply and/or remove policies from workstations? > - What kind of things can I allow or deny from succeding in > workstations using policies? For example: could I avoid users from > changing the IP address of the workstation? Could I set a fixed > wallpaper or internet explorer proxy settings to workstations? > > Scalability > > In a big scenario like the previous i mentioned: > - How many BDCs would be needed? Is it enough to have 1 PDC and severals BDCs? > - Is it possible to have multiple PDCs of the same domain each one > being in a different VLAN? or, what's the right approach in terms of > structure-architecture to implement PDCs and BDCs? > > Backend > === > Definitely I plan to use OpenLDAP as backend but, similar to the > previous question about BDCs: how many Master/Slave OpenLDAP servers > do you think it would be necessary? It could be 1 BDC+OpenLDAP (slave > or master) for each office or VLAN? > > Compatibility: > === > - I know that are some procedures to join Windows 7 to Samba domain, I > did this before successfully. Do you know -maybe- of another possible > compatibility problem that you suggest I can be prepared for? > - If after some time (weeks, months or years) I plan to replace this > Samba based domain to Windows 2k ADS domain: is it possible to do this > migration without problem? it isn't necessary to reinstall all the > domain and rejoin all the workstation? > > Technically I can investigate how to implement each of these features > (policies, BDCs, openldap, etc...) but before taking a decision like > this i would like to have some suggestions of people that have done > similar implementations before. This help it would be excellent for > me, I hope some one can help. > > Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Basic questions regarding Samba capabilities
First, I'm not sure if your speaking of samba4 or just upgrading your s3 domain structure .. my comments are based on samba4 hope it helps .. Policies: -- Group policy works with S4.. So whatever group policies you can set in windows DC you can set on the S4 dcs.. Scalability -- 1PDC and several BDCs would be your answer. Essentially your going to create the same infrastructure as you would with the windows family of servers. unstead of multiple pdc's you'd use bdc's at in different vlans.. or RODC's but I am not sure where the RODC's are in terms of completeness. Backend -- OPENLDAP isn't supported as a back-end.. I believe that your only option is to use the built-in samba4 back-end at this point.. Compatability -- there are no special steps in joining windows 7 or 2008 servers to the S4 domain.. There is an upgrade script that should pull your users and computers to the new domain, obviously this would require extensive testing in your environment. On 05/20/2012 11:32 AM, Jason Voorhees wrote: Hi people: I've been using Samba for a long time with some "basic" features like Samba working as a PDC, integrated with OpenLDAP, being a print server, among others, for a small number of "almost controlled" users (no more than 30 or 50 users). But now I'm interested to implement a Windows domain using Samba for a University with 6000-8000 users distributed through several VLANs, subnets, offices in a medium/big campus. I'd like to avoid using a propietary solution like Windows 2008 with ADS so I'd like to know some suggestions like these: Policies: === - How well can Samba manage policies for workstations? - Is it easy or safe to apply and/or remove policies from workstations? - What kind of things can I allow or deny from succeding in workstations using policies? For example: could I avoid users from changing the IP address of the workstation? Could I set a fixed wallpaper or internet explorer proxy settings to workstations? Scalability In a big scenario like the previous i mentioned: - How many BDCs would be needed? Is it enough to have 1 PDC and severals BDCs? - Is it possible to have multiple PDCs of the same domain each one being in a different VLAN? or, what's the right approach in terms of structure-architecture to implement PDCs and BDCs? Backend === Definitely I plan to use OpenLDAP as backend but, similar to the previous question about BDCs: how many Master/Slave OpenLDAP servers do you think it would be necessary? It could be 1 BDC+OpenLDAP (slave or master) for each office or VLAN? Compatibility: === - I know that are some procedures to join Windows 7 to Samba domain, I did this before successfully. Do you know -maybe- of another possible compatibility problem that you suggest I can be prepared for? - If after some time (weeks, months or years) I plan to replace this Samba based domain to Windows 2k ADS domain: is it possible to do this migration without problem? it isn't necessary to reinstall all the domain and rejoin all the workstation? Technically I can investigate how to implement each of these features (policies, BDCs, openldap, etc...) but before taking a decision like this i would like to have some suggestions of people that have done similar implementations before. This help it would be excellent for me, I hope some one can help. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba