Currently using Samba 4 as AD at the main site and would like the main site AD to authenticate users at a remote site (about 3 systems). As I use my domain management system from a remote location via VPN I know this works, but the VPN may not be the lowest cost in terms of overhead. What other options are available?

I'm thinking that port forwarding between the sites may incur the least overhead (which ports?). What are the common (and maybe not so common) practices in place for this scenario?

Thanks!

Chris

On 09.09.18 at 17:16, Sonic via samba wrote:
> Currently using Samba 4 as AD at the main site and would like the main site
> AD to authenticate users at a remote site (about 3 systems). As I use my
> domain management system from a remote location via VPN I know this works,
> but the VPN may not be the lowest cost in terms of overhead.

why?

> What other options are available?
>
> I'm thinking that port forwarding between the sites may incur the least
> overhead (which ports?). What are the common (and maybe not so common)
> practices in place for this scenario?

frankly you even need bridged VPN instead of routed - so how should this work with port forwarding and what problem do you try to solve before coming up with solutions?

On Sun, Sep 9, 2018 at 1:27 PM Reindl Harald via samba <samba at lists.samba.org> wrote:
> On 09.09.18 at 17:16, Sonic via samba wrote:
> > Currently using Samba 4 as AD at the main site and would like the main site
> > AD to authenticate users at a remote site (about 3 systems). As I use my
> > domain management system from a remote location via VPN I know this works,
> > but the VPN may not be the lowest cost in terms of overhead.
>
> why?

Encryption overhead.

> > What other options are available?
> >
> > I'm thinking that port forwarding between the sites may incur the least
> > overhead (which ports?). What are the common (and maybe not so common)
> > practices in place for this scenario?
>
> frankly you even need bridged VPN instead of routed - so how should this
> work with port forwarding and what problem do you try to solve before
> coming up with solutions?

From my office here I just use a site-to-site VPN when I need to manage the AD via RSAT. Normally my site-to-site VPN is down, but in the case of the small remote site contact with the AD would need to be full time. If it can be done easily with port forwarding it may be the least expensive way in terms of processing and also provide the best performance.

Chris