Karel Lang AFD
2015-Apr-30 08:13 UTC
[Samba] Samba BDC at company branch in different subnet?
Hello guys, I just wanted to ask about an idea, if it is feasible (or not).

The company I work for (350 users) has 2 branches, that are interconnected with HQ via L2TP (encapsulated in IPsec) tunnels, that are set up between Mikrotik routers.

current setup:

                 300 users
          +----------------------+
          |  HQ 192.168.2.0/23   |
          |  Samba PDC + LDAP    |
          |  (389 DS) backend    |
          +----------------------+
                    / \
          30 users /   \ 20 users
  +-----------------+   +-----------------+
  | 1st branch      |   | 2nd branch      |
  | 192.168.4.0/24  |   | 192.168.6.0/24  |
  | Samba PDC with  |   | Samba PDC with  |
  | tdbsam backend  |   | tdbsam backend  |
  +-----------------+   +-----------------+

So far, it was OK, but the thing is, users started to (due to new projects) rotate/migrate between branches and HQ. So maintaining users' passwords and credentials became difficult and generally a pain.

Questions:

1. theoretically speaking - is it possible to redo/change the 2 PDCs located at 2 company branches to BDCs and slave them to the HQ PDC and also to make them authenticate users against the HQ LDAP server?

2. can a BDC propagate local storage filesystems - meaning, can a BDC propagate different filesystems than the PDC? I don't think I can safely propagate the storage from HQ via SMB running through L2TP ..

Any insights, advice highly appreciated.

Thank You

PS. To answer q. some might ask:

1. We still run Samba 3.6, our Linux servers are RHEL6.6 which means no Samba AD is available for us so far. Red Hat still doesn't support Samba AD in their official packages.

2. I plan to switch to Samba 4 (to get access to the newest SMB 2 and 3 protocols), but keep the PDC <-> BDC style, until Red Hat will support it in their own packages.

--
*Karel Lang*
*Unix/Linux Administration*
lang at afd.cz | +420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz
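For reference, the layout the question describes (a Samba 3.x branch server demoted to a BDC that reads the same account database as the HQ PDC, while still serving its own local shares) is essentially the smb.conf below. This is an added example, not the poster's configuration and not taken from the Samba project's own docs; the workgroup name, NetBIOS name, LDAP URL, DNs, WINS address and share paths are all assumptions chosen for illustration.

```ini
; Added example: smb.conf for a Samba 3.6 backup domain controller at "1st branch".
; All names, addresses and DNs are assumptions, not the poster's real values.
[global]
    workgroup = EXAMPLECORP           ; must be the same NT domain name the HQ PDC uses
    netbios name = BDC-BRANCH1
    security = user

    ; Domain-controller role: still answers domain logons for the branch subnet,
    ; but is NOT the domain master browser; only the HQ PDC is.
    domain logons = yes
    domain master = no
    local master = yes
    preferred master = yes
    os level = 65

    ; Assumed WINS server at HQ; required so that 192.168.4.0/24 clients can
    ; find the domain controllers on the other side of the L2TP/IPsec tunnel.
    wins server = 192.168.2.10

    ; The part that replaces the branch-local tdbsam: a BDC in Samba 3 has to use
    ; ldapsam so that PDC and BDC share one account database and one domain SID.
    ; Recommended pattern: point this at a local 389 DS read-only replica (consumer)
    ; of the HQ directory, so branch logons keep working while the tunnel is down.
    ; Pointing it straight at ldap://ldap-hq.example.internal also works, but then
    ; every logon depends on the tunnel.
    passdb backend = ldapsam:ldap://ldap-branch1.example.internal
    ldap suffix = dc=example,dc=internal
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap admin dn = cn=samba,ou=DSA,dc=example,dc=internal
    ; admin bind password is stored in secrets.tdb with:  smbpasswd -w '<password>'
    ldap ssl = start tls              ; never send the admin bind in clear, tunnel or not
    ldap passwd sync = yes            ; password changes go to LDAP, i.e. to HQ

    ; Keep roaming profiles off for branch users; profile sync over L2TP is slow.
    logon path =
    logon home =

; Required on every DC. Its content (logon scripts, policies) should be copied
; from the PDC, e.g. with rsync over the tunnel.
[netlogon]
    path = /var/lib/samba/netlogon
    read only = yes
    browseable = no

; Answer to question 2: the BDC role only concerns the account database.
; Shares are defined per server, so this one exists only on the branch box
; and is never "propagated" from or to HQ.
[projects]
    path = /srv/branch1/projects
    read only = no
    valid users = @"EXAMPLECORP\Domain Users"
    create mask = 0660
    directory mask = 0770
```

Two checks worth running before pointing clients at such a BDC: `net getlocalsid` on the branch box must print the same domain SID that `net getlocalsid` prints on the HQ PDC (with ldapsam both read it from the sambaDomain object, so a mismatch means the BDC is not actually using the HQ directory), and `testparm` should report "Server role: ROLE_DOMAIN_BDC". Machine trust accounts and password changes are written through the ldapsam backend, so if the BDC uses a read-only replica those writes must be referred to the HQ master; this is the usual reason Samba 3 BDC setups keep the directory writable only at HQ.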