[Modularit-users] Different samba domains
Miguel Armas
kuko at canarytek.com
Tue Oct 6 10:15:03 WEST 2009
On 6 October 2009 at 07:24, Imobach González Sosa
<imobachgs at banot.net> wrote:
> Hi all,
>
> We have the next scenario and we'd like to know how to achieve our goals with
> Modular IT. At this time, we have a network with two servers (located in
> different points). We'd like to have two different Samba domains integrated
> in the same Modular IT infrastructure. Is that possible? Or is Modular IT
> oriented to have only one Samba domain?
In ModularIT you can manage as many domains as you want, another
question is how to manage the samba servers. If you have two different
locations and need to share file access you have different options:
- The GOOD: Have the same domain in the two locations. You will need:
  - A unified DNS and WINS server (the same for the whole
    installation). I mean one DNS and one WINS, not that they have to be
    on the same server
  - Two LDAP replicas, one on each location (*)
  - Each Samba should be connected to its local LDAP
  - Each samba server should be configured as a local master browser
    and a login server
  - Only one of the samba servers should be configured as a domain
    master browser
  - One note: never EVER use roving profiles to a remote login server,
    your users will want to kill you!
- The UGLY: You can host various domains on the same LDAP server, but
  since you probably have a slow connection between locations, you
  should set up two LDAP replicas as described in the previous option.
  This setup is very similar to the previous one, but you will also need
  a trust relation between domains so each domain recognizes users from
  the other domain. The system users would be shared (all users will be
  valid Linux users, no matter which domain they belong to)
- The BAD: Install one domain on each location and set up a trust
  relation between both domains. In this case you may need to set up
  winbind, because when a user accesses a resource on the remote location,
  it won't be able to map that access to a system user (it's not on that
  LDAP)
- The AWFUL (this was not on the original movie ;): Just install the
  two domains, and duplicate users that need to access resources. When
  a user from location A accesses a resource from location B, he will need
  to enter his user/pass on that location
(*) Right now we don't have support to configure LDAP replicas
automatically with ModularIT, but if you have problems with this we
can probably help. We haven't included this feature because there is a
huge probability to switch from OpenLDAP to Fedora Directory Server
and FreeIPA
Regards!
--
Miguel Armas <kuko at canarytek.com>
CanaryTek Consultoria y Sistemas SL
ModularIT http://www.modularit.org/
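
A sketch of the `smb.conf` `[global]` settings for the first option in the reply above (one domain, two locations), added here as an example; it is not part of the original message or of ModularIT. It assumes Samba 3 with the `ldapsam` backend and WINS hosted on the site A Samba server; the domain name, host names, LDAP suffix and the 192.0.2.10 address are constructed placeholders.

```ini
# ---- Site A: /etc/samba/smb.conf (constructed example) ----
[global]
    workgroup = EXAMPLEDOM            ; same domain name at both sites
    netbios name = SRV-A
    security = user
    ; talk only to the LDAP replica at this site
    passdb backend = ldapsam:ldap://127.0.0.1
    ldap suffix = dc=example,dc=org
    ldap admin dn = cn=admin,dc=example,dc=org
    domain logons = yes               ; login server for local clients
    local master = yes                ; local master browser for this subnet
    preferred master = yes
    os level = 65
    domain master = yes               ; the ONLY domain master browser
    wins support = yes                ; assumption: the single WINS server runs here

# ---- Site B: /etc/samba/smb.conf (constructed example) ----
[global]
    workgroup = EXAMPLEDOM
    netbios name = SRV-B
    security = user
    passdb backend = ldapsam:ldap://127.0.0.1
    ldap suffix = dc=example,dc=org
    ldap admin dn = cn=admin,dc=example,dc=org
    domain logons = yes
    local master = yes
    preferred master = yes
    os level = 65
    domain master = no                ; never a second domain master
    wins support = no
    wins server = 192.0.2.10          ; placeholder address of the site A WINS server
```

Running `testparm -s` on each server checks the file for syntax errors before Samba is restarted.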