Re: [Samba] VPN+2.2.3a+LDAP
Sorry I missed your response until now...

> Thanks for your thoughts Bradley. I have another bunch of questions which you may be able to enlighten me on :)
>
> Am I right in thinking that if I carried out idea 3, with each site having its own unique domain, that the user homes and profiles directories should be specified with an absolute path in the LDAP server? For example, if Joe was logging on to DOMAIN1, should the LDAP directory explicitly say \\DOMAIN1\JOE as his home directory (smbHome), and \\DOMAIN1\JOE\profile for his profile (profilePath)?
>
> I would like to have it so that any user could log on at any site and still keep one unique home dir on the Samba server at the site he uses most - so that if in one particular week Joe was at 6 different sites he wouldn't have a profile and home directory at each site - he would just use the one at his main site, DOMAIN1 (I realise this would mean transmitting large amounts of data across a relatively slow WAN).

that seems reasonable - however I think you mean \\PROFILESERVER1\JOE rather than \\DOMAIN1\JOE

That implies that all these domain controllers can access each other's namespaces (I'm not sure you can do that)

you might have to put \\fqdn_of_profile_server\profiles\%u into the ldap rather than the wins name of the server (fqdn = fully qualified domain name)

> Is it possible for a replicated LDAP database to be used with Samba in this way which allows anyone to log on anywhere to any domain in a large network, yet still keep a unique 'home' ?

I've not done it myself - but it should be possible to point each domain controller at an ldap server on localhost and keep all those in sync using the ldap tools.

the replication stuff should be transparent to samba

brad

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
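Added illustration, not part of any message in this thread: a small Python check that follows the suggestion in the reply above to store a fully qualified server name in smbHome and profilePath. It flags entries whose path uses a short (WINS-style) server name or is missing. The LDIF entries, DNs and host names are constructed, and treating "no dot in the server name" as "not fully qualified" is an assumption.

```python
import re

# Constructed sample entries (not from the thread); only the attribute names come from it.
SAMPLE_LDIF = r"""
dn: uid=joe,ou=People,dc=example,dc=org
uid: joe
smbHome: \\files1.site1.example.org\joe
profilePath: \\files1.site1.example.org\profiles\joe

dn: uid=ann,ou=People,dc=example,dc=org
uid: ann
smbHome: \\DOMAIN1\ann
profilePath: \\FILES2\profiles\ann

dn: uid=bob,ou=People,dc=example,dc=org
uid: bob
smbHome: \\files3.site3.example.org\bob
"""

# \\server\share[\...]; group 1 captures the server part.
UNC = re.compile(r"^\\\\([^\\]+)\\[^\\]+")

def parse_ldif(text):
    """Split simple, unfolded LDIF text into a list of {attribute: value} dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (l.split(": ", 1) for l in block.splitlines() if ": " in l)
        entries.append({attr: value.strip() for attr, value in pairs})
    return entries

def check_paths(entries):
    """Return (uid, attribute, problem) for paths that may differ from site to site."""
    findings = []
    for entry in entries:
        for attr in ("smbHome", "profilePath"):
            value = entry.get(attr)
            if value is None:
                # No value in the directory: each server falls back to its own settings.
                findings.append((entry.get("uid"), attr, "missing"))
                continue
            match = UNC.match(value)
            if not match:
                findings.append((entry.get("uid"), attr, "not a UNC path"))
            elif "." not in match.group(1):
                findings.append((entry.get("uid"), attr, "short server name"))
    return findings

if __name__ == "__main__":
    for finding in check_paths(parse_ldif(SAMPLE_LDIF)):
        print(finding)
```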
Re: [Samba] VPN+2.2.3a+LDAP
On Mon, 2002-04-29 at 22:26, Philip Burrow wrote:

> Hi, I'm after some clarification on a concept I'm toying with, the big question being is it feasible to do this, and are there any things I ought to consider.
>
> What I'm after is domain authentication across a multi-subnet VPN. I figured there are three ways of doing this, based on my limited knowledge of Samba (version 2.2.3a):
>
> 1. Have a single Samba PDC to control the entire VPN (up to 10 remote sites) using a single LDAP server to authenticate users.

this will mean that all profiles and authentication goes over the vpn

probably not a good idea (as you say below)

> 2. Have a Samba server at each site as some sort of pseudo-BDC, all authenticating with a single LDAP server.

again - all authentication goes over the wan

> 3. Have a Samba PDC at each site controlling a domain of its own, but all using the same LDAP server.

still the same problem

I think you should modify idea 3 by setting up replicated LDAP on the PDC (or another machine) at each site. That way everybody can log in even if the lan is down (though the distributed ldap dbs might diverge if your wan is down for a long time).

brad
Re: [Samba] VPN+2.2.3a+LDAP
> > 3. Have a Samba PDC at each site controlling a domain of its own, but all using the same LDAP server.
>
> still the same problem
>
> I think you should modify idea 3 by setting up replicated LDAP on the PDC (or another machine) at each site. That way everybody can log in even if the lan is down (though the distributed ldap dbs might diverge if your wan is down for a long time).

Thanks for your thoughts Bradley. I have another bunch of questions which you may be able to enlighten me on :)

Am I right in thinking that if I carried out idea 3, with each site having its own unique domain, that the user homes and profiles directories should be specified with an absolute path in the LDAP server? For example, if Joe was logging on to DOMAIN1, should the LDAP directory explicitly say \\DOMAIN1\JOE as his home directory (smbHome), and \\DOMAIN1\JOE\profile for his profile (profilePath)?

I would like to have it so that any user could log on at any site and still keep one unique home dir on the Samba server at the site he uses most - so that if in one particular week Joe was at 6 different sites he wouldn't have a profile and home directory at each site - he would just use the one at his main site, DOMAIN1 (I realise this would mean transmitting large amounts of data across a relatively slow WAN).

Is it possible for a replicated LDAP database to be used with Samba in this way which allows anyone to log on anywhere to any domain in a large network, yet still keep a unique 'home' ?

Cheers,
Phil.
[Samba] VPN+2.2.3a+LDAP
Hi,

I'm after some clarification on a concept I'm toying with, the big question being is it feasible to do this, and are there any things I ought to consider.

What I'm after is domain authentication across a multi-subnet VPN. I figured there are three ways of doing this, based on my limited knowledge of Samba (version 2.2.3a):

1. Have a single Samba PDC to control the entire VPN (up to 10 remote sites) using a single LDAP server to authenticate users.
2. Have a Samba server at each site as some sort of pseudo-BDC, all authenticating with a single LDAP server.
3. Have a Samba PDC at each site controlling a domain of its own, but all using the same LDAP server.

One requirement I have is that I don't want WAN bandwidth saturating with home directories and user profiles needing to be transmitted across the WAN so I want them stored local to each site, and I think this is possible with Samba and LDAP (is it?).

Is this 'shared password server' concept possible with Samba and LDAP? Any URLs or other resources would be great, and I appreciate any help or comments.

Please don't tell me to create a trust relationship with Mr Gates. :-)

Regards,
Phil