samba - Oct 2006 - Architecture VPN and Samba with ADS 2003 help needed

Dear all Samba list,

I'm currently facing some little problem with samba, I search for 
advices on
our offices architecture. This is what we have:

- We got 2 offices with "unstable" ADSL connection (sometime more that
5
connections shutdown a day)
- We use a  VPN and our 2 offices are on the following internal subnets:
    Office 1: 10.0.0.0/24
    Office 2: 10.0.1.0/24
There is no firewall restrictions between the 2 offices with the VPN.

- The Office 1 got a ADS Server 2003 (ads_office1) and a Debian/Sarge 
with Samba 3.0.23C file server (fs_office1), all is ok, working very well
- The Office 2 got only a Debian/Sarge Samba 3.0.23c file server (call 
it fs_office2) connected to the remote VPN ADS 2003. This server
is in a DOMAIN security mode (because I read that the ADS security mode 
is currently not so stable)

All my users (Windows XP SP2 only)  must be in the same ADS network 
(Exchange service, sharing of file, internet access control)
We face multiple problems is with the second office, each time we got a 
disconnection, we have to re-join the domain, restart
samba and winbind, also this Office 2 cannot access to the file server  
in a disconnected mode (some time no internet in this
office for a whole day)

So, I would like your advice on the following questions:

- Do we have to change the server fs_office2  to a Microsoft 2003 
server, is this the best solution ?
- Do Samba can configure itself to use a cache system or a domain 
duplication or a domain master in ADS 2003?
 is there solution to make samba deliver locally the credential  in case 
of networks
disconnection ?  is it stable to go on this solution ?

If yes (I hope), how to do this, what is the est architecture, the best 
samba configuration ?

Thanks in advance,
Regards,
Guillaume

11 okt 2006 kl. 07:03 skrev Guillaume Riviere:
> Dear all Samba list,
>
> I'm currently facing some little problem with samba, I search for  
> advices on
> our offices architecture. This is what we have:
>
> - We got 2 offices with "unstable" ADSL connection (sometime more
> that 5 connections shutdown a day)
> - We use a  VPN and our 2 offices are on the following internal  
> subnets:
>    Office 1: 10.0.0.0/24
>    Office 2: 10.0.1.0/24
> There is no firewall restrictions between the 2 offices with the VPN.
>
> - The Office 1 got a ADS Server 2003 (ads_office1) and a Debian/ 
> Sarge with Samba 3.0.23C file server (fs_office1), all is ok,  
> working very well
> - The Office 2 got only a Debian/Sarge Samba 3.0.23c file server  
> (call it fs_office2) connected to the remote VPN ADS 2003. This server
> is in a DOMAIN security mode (because I read that the ADS security  
> mode is currently not so stable)
Where did you read that? :)
>
> All my users (Windows XP SP2 only)  must be in the same ADS network  
> (Exchange service, sharing of file, internet access control)
> We face multiple problems is with the second office, each time we  
> got a disconnection, we have to re-join the domain, restart
> samba and winbind, also this Office 2 cannot access to the file  
> server  in a disconnected mode (some time no internet in this
> office for a whole day)
>
> So, I would like your advice on the following questions:
>
> - Do we have to change the server fs_office2  to a Microsoft 2003  
> server, is this the best solution ?
> - Do Samba can configure itself to use a cache system or a domain  
> duplication or a domain master in ADS 2003?
> is there solution to make samba deliver locally the credential  in  
> case of networks
> disconnection ?  is it stable to go on this solution ?
Pure ADS member with AD replication is not available inte the SAMBA 3  
branch yet. SAMBA 4 is supposed to handle this but is currently only  
in TP4 pre alpha stage and should only be used in testing purposes.
>
> If yes (I hope), how to do this, what is the est architecture, the  
> best samba configuration ?
Unfortunately I think that the best solution is to have a W2003 at  
the second office also until SAMBA 4 is stable but hopefully some  
more experienced samba users have another idea. :)
>
> Thanks in advance,
> Regards,
> Guillaume
Cheers,
henrik
>
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba