Pablo Chamorro C.
2005-Nov-10 17:45 UTC
[Samba] network design - taking advantage of samba+openldap
In the headquarters of my institution we have some 300 Windows PCs, distributed like this:

domain1: 100 clients in a consolidated samba 3.0.5-2 domain (RH 9.0)
domain2: 20 clients in an incipient samba 3.0.14a-2 domain (FC4)
         80 clients to be joined to domain2
without domain: 150 clients belonging to some three workgroups

We outsourced the deployment of an LDAP server and we are in the process of putting the server into production, but the contract only included the migration of domain1 to authenticate against openldap. And here is my big question:

we want to consolidate domain2 and to create three extra PDCs for the rest of the Windows PCs. Is it advisable to have 5 PDCs? Or only 1 PDC and one BDC per building? (as shown in http://samba.org/samba/docs/man/Samba3-ByExample/images/chap6-net.png). Can openldap include several SIDs?

Could you please give us some advice for the successful deployment of our Windows-Samba network? We don't have our LAN segmented. Also, we are in the process of buying a cheap NAS solution for all the users.

thanks,

Pablo Chamorro C.
--
Tel: +57 (2) 7314752/3222/2595 - Fax: +57 (2) 7310514
Carrera 31 #18-07 Parque Infantil - PO Box 1795 - Pasto
Nathan Vidican
2005-Nov-10 18:31 UTC
[Samba] network design - taking advantage of samba+openldap
For the number of clients you have, and if the network is restricted to one segment, why three different domains? Why not consolidate domains into a single domain, with multiple BDCs? Also, NAS now forces your end-users to rely on the security and performance of whatever NAS solution you go with.

My advice to you would be this:

Build a new PDC, install/configure as a single domain using an OpenLDAP tree. Import all your existing users and their information into this tree.

Build _X_ number of BDCs to be used for various NAS; these machines can slave the LDAP tree locally, cascading updates to the primary and servicing queries directly.

Since all permissions/users are now global across all servers using a single domain, distribute your storage requirements across the various BDCs using some sort of internal RAID solution. For the price - highly recommend looking at a 3Ware Escalade 9000-series controller, can whack on a few RAID edition 250GB drives via S-ATA and get a couple of terabytes with good I/O speed/performance relatively cheap. With the 9000-series you can get a solid 400MB/sec data rate, 800Mb/sec using newer S-ATA II based controllers for less than $500.

IMHO - this would be easier to manage, implement, and pay for than what you're currently running/proposing.

--
Nathan Vidican
nvidican@wmptl.com
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/

Pablo Chamorro C. wrote:
> In the headquarters of my institution we have some 300 Windows PCs,
> distributed like this:
>
> domain1: 100 clients in a consolidated samba 3.0.5-2 domain (RH 9.0)
> domain2: 20 clients in an incipient samba 3.0.14a-2 domain (FC4)
>          80 clients to be joined to domain2
> without domain: 150 clients belonging to some three workgroups
>
> We outsourced the deployment of an LDAP server and we are in the process
> of putting the server into production, but the contract only included the
> migration of domain1 to authenticate against openldap. And here is my big
> question:
>
> we want to consolidate domain2 and to create three extra PDCs for the
> rest of the Windows PCs. Is it advisable to have 5 PDCs? Or only 1 PDC
> and one BDC per building? (as shown in
> http://samba.org/samba/docs/man/Samba3-ByExample/images/chap6-net.png).
> Can openldap include several SIDs?
>
> Could you please give us some advice for the successful deployment of
> our Windows-Samba network? We don't have our LAN segmented. Also, we
> are in the process of buying a cheap NAS solution for all the users.
>
> thanks,
>
> Pablo Chamorro C.
>
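
A sketch of the single-domain layout recommended in the reply above, as an added example that is not part of the original thread: smb.conf [global] fragments for one PDC and one BDC sharing an OpenLDAP passdb. The domain name, host names, LDAP suffix and WINS address are placeholders; `ldap ssl = start tls` is set because the LAN is unsegmented and the ldapsam entries hold the users' password hashes.

```ini
# Added example. EXAMPLEDOM, pdc1/bdc1, dc=example,dc=org and 192.0.2.10
# are placeholders. The two [global] sections belong to two separate
# smb.conf files, one per server.

# ---- smb.conf on the PDC (pdc1): talks to the master OpenLDAP tree ----
[global]
    workgroup = EXAMPLEDOM
    netbios name = PDC1
    security = user
    passdb backend = ldapsam:ldap://pdc1.example.org
    ldap suffix = dc=example,dc=org
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap admin dn = cn=sambaadmin,dc=example,dc=org
    # Encrypt directory traffic: the entries carry sambaNTPassword and
    # sambaLMPassword hashes, which are password-equivalent.
    ldap ssl = start tls
    domain logons = yes
    domain master = yes
    preferred master = yes
    os level = 65
    wins support = yes

# ---- smb.conf on each BDC (bdc1): local LDAP replica, master as fallback ----
[global]
    workgroup = EXAMPLEDOM
    netbios name = BDC1
    security = user
    # Assumption: a replica slapd runs on the BDC itself and refers
    # writes to the master.
    passdb backend = ldapsam:"ldap://localhost ldap://pdc1.example.org"
    ldap suffix = dc=example,dc=org
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap admin dn = cn=sambaadmin,dc=example,dc=org
    ldap ssl = start tls
    domain logons = yes
    domain master = no
    os level = 33
    wins server = 192.0.2.10

# On every DC, store the bind password with "smbpasswd -w" (it lands in
# secrets.tdb, not in smb.conf). On the BDC, "net rpc getsid" fetches the
# domain SID so that all controllers of the domain use the same one.
```

In slapd.conf, the password-hash attributes should be readable only by the Samba admin DN and the replication identity, not by anonymous or ordinary authenticated binds.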