Colleagues-

I am working on the design of a fairly large samba deployment, and I am looking for feedback on some of my design ideas.

I have 10 buildings spread out in and around a city, all interconnected via 1.5Mb leased lines. There are samba servers in each building. I have some users that move from building to building. We are using primarily Windows 98 desktops, with a few 2K and XPP machines thrown in for flavor.

Ideally, I would like to set up a single centrally managed and authenticated domain, but have user home directories served from member servers in the users' home buildings, as performance over the WAN links is poor. The problem I'm having is figuring out a mechanism wherein the PDC or a login script will be smart enough to know which member server to connect to for their home directories. My goal is to normally only have authentication and internet traffic traversing the WAN links, and only have user data traversing the WAN links when someone is not in their usual home building.

Right now, I am planning on setting up multiple domains, one for each building, and then setting trusts between them all. This way everyone can log in to their home domain and get at their data, but then still have access to the applications on the local server, regardless of which building they are in. This solution is more complex and has more management overhead than I would like, but is the only way I have come up with that I know will work. Anyone have any better ideas? As I've only done relatively small and simple samba deployments in the past, I'm sure there are some more advanced features that I don't know about that might make this possible. Would DFS work?

--
-Regards-

-Quentin Hartman-

Technology Coordinator
South Lane School District
Cottage Grove, Oregon
Office- 541.767.3778
Mobile- 541-501-1197
qhartman@lane.k12.or.us

Hi Quentin

Why not have one central PDC and use login scripts to map the home directories on the local PC to the appropriate place on a per user basis?

/Krystian

-----Original Message-----
From: samba-bounces+filiks=telesonique.com@lists.samba.org [mailto:samba-bounces+filiks=telesonique.com@lists.samba.org] On Behalf Of Quentin Hartman
Sent: Wednesday, 13 October 2004 17:39
To: samba@lists.samba.org
Subject: [Samba] Looking for large-ish deployment advice

That's the point: you have to use a separate script for each user.

In samba conf file:

    [global]
    ...
    ..
    .
    logon script = %U.bat

    [netlogon]
    comment = The netlogon share
    path = /xxx/logon
    public = no
    writeable = no
    browsable = no

Put a [username].bat file in the root of the netlogon share containing something like:

    net use h: \\server1\home\[user]

I don't think that you will be able to have the PDC self-detect where the share should be mapped.

Hope this helps

Regards
/Krystian

-----Original Message-----
From: Quentin Hartman [mailto:qhartman@lane.k12.or.us]
Sent: Wednesday, 13 October 2004 18:07
To: Krystian Filiks
Subject: RE: [Samba] Looking for large-ish deployment advice

On Wed, 2004-10-13 at 17:59 +0200, Krystian Filiks wrote:
> Hi Quentin
>
> Why not have one central PDC and use login scripts to map the home
> directories on the local PC to the appropriate place on a per user basis?

That's exactly what I haven't been able to figure out how to do. How would the login script know that joeuser needs to connect to server1, without having to write a different script for every user? If you have a solution or a pointer to a place in TFM, I'd be thrilled to hear about it.

--
-Regards-

-Quentin Hartman-

On Wednesday, October 13, 2004 11:38 am, Quentin Hartman wrote:
> Ideally, I would like to setup a single centrally managed and
> authenticated domain, but have user home directories served from member
> servers in the users' home buildings, as performance over the WAN links
> is poor. The problem I'm having is figuring out a mechanism wherein the
> PDC or a login script will be smart enough to know which member server
> to connect to for their home directories.

Trying to understand this a bit better before I comment...

First, won't roving users be disappointed if you have separate home directories in each building? Won't they expect that a document on which they worked in one building be available when they go to the next building?

Second, are you contemplating using roaming profiles, and if so, are these profiles likely to be large? E.g., users store big files on their Desktop, and/or have 200MB Outlook pst files, etc....

Lastly, if I read your post correctly you have T-1 speeds between buildings. That's a pretty fat pipe to fill, so why do you say the building-to-building network links are slow?

--
_________________________________________________
A Message From...
L. Mark Stone
Reliable Networks of Maine, LLC
477 Congress Street
Portland, ME 04101
Tel: (207) 772-5678
Web: www.RNoME.com

What I mean is that the home dir is on a NFS share on whatever server you have in mind in the appropriate building and then use NIS to look up what server holds the share for this user. This means in any way that you will have to have a NIS DB with the username and his home server for the lookup.

Maybe trying to assign different IP to people in different buildings and using that info combined with the vbs script have the appropriate share mapped?

This gives you other advantages like, let's say you need to upgrade the machine of one user, just put a couple of lines in his login script and the next time he logs on his machine gets updated. You can even run the login script as the local administrator if need be by executing the WSHShell.run("RUNAS /USER:Administrator ...)

Regards
/krystian

-----Original Message-----
From: Quentin Hartman [mailto:qhartman@lane.k12.or.us]
Sent: Wednesday, 13 October 2004 18:45
To: Krystian Filiks
Subject: RE: [Samba] Looking for large-ish deployment advice

On Wed, 2004-10-13 at 18:30 +0200, Krystian Filiks wrote:
> The only other way that I see to do this is NFS and NIS.

Using NFS would mean that the user data would have to traverse the WAN anyway, would it not? I presume you mean that the user's home directories are all NFS mounted on the PDC and shared from there. The data would then have to move from the member server via nfs, to the PDC, where it is served out again via samba. For someone in a building away from the PDC, the situation would actually degrade from where it is now, and their data would be traversing the slow links twice. Do you have something else in mind? Am I not understanding the data flow correctly?

> But in any way you will have to store a list of users and associated
> servers.
> So I think that having a logonscript for every user will allow you to
> achieve this in the easiest way, besides it gives you flexibility to map
> drives, change the PC time and other things on a per user basis

Yes, I plan on using logon scripts, but a different one for each user, when I have approximately 3000 of them, seemed excessive, hence my search for a more manageable method. Perhaps intelligently using some other piece of user info, group membership or the like. Though, for now, I agree that individual logon scripts are probably the only way to achieve this, unless there is some feature in samba that I do not know about.

--
-Regards-

-Quentin Hartman-

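Added example, not part of any poster's message: one way to keep the per-user %U.bat approach discussed above manageable for a few thousand accounts is to generate the scripts on the server from a single user-to-home-server table. The function name gen_logon_scripts, the map file format, and the sample users and servers are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build per-user logon scripts for "logon script = %U.bat"
# from one table, so the user -> home server list lives in a single file.

# gen_logon_scripts MAPFILE OUTDIR   (hypothetical helper, not a Samba tool)
#   MAPFILE: lines of "<username> <home-server>"; blank lines and
#   lines starting with # are skipped.
#   Prints the number of scripts written; returns 1 if any entry was rejected.
gen_logon_scripts() {
    map=$1; out=$2; written=0; rejected=0
    while read -r user server extra || [ -n "$user" ]; do
        case $user in ''|'#'*) continue ;; esac
        # Every client runs these files at logon, so accept only plain
        # names: no spaces, slashes, or shell/batch metacharacters.
        case "$user$server" in
            *[!A-Za-z0-9._-]*) server= ;;
        esac
        if [ -z "$server" ] || [ -n "$extra" ]; then
            echo "rejected entry for '$user'" >&2
            rejected=$((rejected + 1))
            continue
        fi
        # Batch files for Windows clients need CR/LF line endings.
        printf '@echo off\r\nnet use h: \\\\%s\\home\\%s\r\n' \
            "$server" "$user" > "$out/$user.bat"
        chmod 644 "$out/$user.bat"   # readable by clients, writable by owner only
        written=$((written + 1))
    done < "$map"
    echo "$written"
    [ "$rejected" -eq 0 ]
}

# Constructed sample data (hypothetical users and servers).
demo_dir=$(mktemp -d)
cat > "$demo_dir/homes.map" <<'EOF'
# user     home server
joeuser    server1
asmith     server2
bad/user   server1
EOF
mkdir "$demo_dir/netlogon"
count=$(gen_logon_scripts "$demo_dir/homes.map" "$demo_dir/netlogon") || true
echo "wrote $count scripts to $demo_dir/netlogon"
```

Pointing OUTDIR at the directory behind the [netlogon] share keeps the share itself read-only for clients, as in the configuration quoted earlier in the thread.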
The Singapore National Library has done something like your setup. They have multiple locations & staff move between them. I'm not sure if they will talk to you, & I think they outsourced the project.

Website is: http://www.nlb.gov.sg/

Adrian Hicks

On 13 October 2004 pm 23:38, Quentin Hartman wrote: