Hi, thanks for your reply:

On Mon, May 21, 2012 at 7:51 AM, Aaron E. <ssureshot@xxxxxxxxx> wrote:
> First, I'm not sure if you're speaking of samba4 or just upgrading your s3
> domain structure .. my comments are based on samba4 hope it helps ..
>

Actually I was thinking about using a stable version of Samba like 3.x. I know that Samba 4 is still being developed for many years. Do you really suggest me to use this alpha version of Samba4 for a critical environment like the one I described? It would be great to have an Open Source ADS implementation with Samba4 but for now I think I can just get as much as possible of features that Samba 3.x can offer me.

> Policies: -- Group policy works with S4.. So whatever group policies you can
> set in windows DC you can set on the S4 dcs..
>

What tool do you use for edit/create policies? I was reading a little about the native MS Windows 2000 tool for policy editing but if you suggest me to use Samba4 I believe you could recommend me to use the Windows 2003/2008 policy editor or something like that?

> Scalability -- 1PDC and several BDCs would be your answer. Essentially you're
> going to create the same infrastructure as you would with the windows family
> of servers. instead of multiple pdc's you'd use bdc's at in different
> vlans.. or RODC's but I am not sure where the RODC's are in terms of
> completeness.
>

I'm sorry but I have never heard about RODCs before. Are they read only primary or backup domain controller? How do they work?

> Backend -- OPENLDAP isn't supported as a back-end.. I believe that your only
> option is to use the built-in samba4 back-end at this point..
>
> Compatibility -- there are no special steps in joining windows 7 or 2008
> servers to the S4 domain..
>
> There is an upgrade script that should pull your users and computers to the
> new domain, obviously this would require extensive testing in your
> environment.
>
>
>

Thanks for all

>
> On 05/20/2012 11:32 AM, Jason Voorhees wrote:
>>
>> Hi people:
>>
>> I've been using Samba for a long time with some "basic" features like
>> Samba working as a PDC, integrated with OpenLDAP, being a print
>> server, among others, for a small number of "almost controlled" users
>> (no more than 30 or 50 users).
>>
>> But now I'm interested to implement a Windows domain using Samba for a
>> University with 6000-8000 users distributed through several VLANs,
>> subnets, offices in a medium/big campus. I'd like to avoid using a
>> proprietary solution like Windows 2008 with ADS so I'd like to know
>> some suggestions like these:
>>
>> Policies:
>> =======
>> - How well can Samba manage policies for workstations?
>> - Is it easy or safe to apply and/or remove policies from workstations?
>> - What kind of things can I allow or deny from succeeding in
>> workstations using policies? For example: could I avoid users from
>> changing the IP address of the workstation? Could I set a fixed
>> wallpaper or internet explorer proxy settings to workstations?
>>
>> Scalability
>> ========
>> In a big scenario like the previous I mentioned:
>> - How many BDCs would be needed? Is it enough to have 1 PDC and several
>> BDCs?
>> - Is it possible to have multiple PDCs of the same domain each one
>> being in a different VLAN? or, what's the right approach in terms of
>> structure-architecture to implement PDCs and BDCs?
>>
>> Backend
>> =======
>> Definitely I plan to use OpenLDAP as backend but, similar to the
>> previous question about BDCs: how many Master/Slave OpenLDAP servers
>> do you think it would be necessary? It could be 1 BDC+OpenLDAP (slave
>> or master) for each office or VLAN?
>>
>> Compatibility:
>> ===========
>> - I know that there are some procedures to join Windows 7 to Samba domain, I
>> did this before successfully. Do you know -maybe- of another possible
>> compatibility problem that you suggest I can be prepared for?
>> - If after some time (weeks, months or years) I plan to replace this
>> Samba based domain to Windows 2k ADS domain: is it possible to do this
>> migration without problem? it isn't necessary to reinstall all the
>> domain and rejoin all the workstation?
>>
>> Technically I can investigate how to implement each of these features
>> (policies, BDCs, openldap, etc...) but before taking a decision like
>> this I would like to have some suggestions of people that have done
>> similar implementations before. This help would be excellent for
>> me, I hope someone can help.
>>
>> Thanks
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba