VSpike
May 4th, 2008, 03:22 AM
Dear forum-
I need some help with high-level stuff - advice on the best way to approach something and the technology to use.
We have two offices, one in the UK and one in Cyprus. I've installed an Ubuntu server 8.04 at each one, running nothing much more than Samba and SSH at the moment. Both sites have Draytek routers, and I've used those to create a LAN to LAN VPN, so that one location has a 192.168.1.0/24 subnet and the other has 192.168.2.0/24.
The problem is that this link is only ADSL based and will certainly go down or slow down from time to time, and I'd like to achieve good integration between the sites while allowing them to operate independently when needed.
I'm reasonably familiar with Windows networking although I'm still clearer on NT4/NBT/WINS/PDC/BDC stuff than Active Directory. I'm OK with Samba although have never used it as a domain controller. I'm weak on DNS and LDAP.
The clients on the network will be a mixture of XP and Vista (with a couple of my Linux boxes thrown in but I can worry about those myself).
I'd like to achieve the following:-
* Samba as a domain controller
* PDC in Head Office, BDC in Branch Office
* Windows networking clients able to resolve names between the two locations
* Single set of accounts between the two servers
I think that this means I need to set up LDAP on the two servers. My questions on this:-
* Do I choose a single root name (e.g. mycompany.local) to cover both sites?
* Can both machines run an LDAP server, each preferring itself for authentication but keeping the two databases in sync automatically?
I also believe I need to set up WINS to allow Windows name resolution to work. Again, questions:-
* Can I run a WINS server in each site, like a PDC and BDC where one just caches the other, or automatically keeps in sync with it?
Although the routers serve DNS and DHCP, I wonder what the advantages would be of getting the servers to do so instead. I think it would allow me to set things for DHCP clients like local domain name, WINS server(s), etc. Also I think I could set it up so that DHCP clients are added to local DNS... is this simple to do? Could this then take the place of WINS, since I know the Windows networking can use DNS for name resolution?
Finally, I'm not sure how much to separate the two locations in terms of organisation. I know in Active Directory you can have parent domains, child domains, domain trust, organisational units, etc. I'm not sure how this translates to my current problem. Should each site have its own DNS domain? Should each site have its own LDAP tree? Should each have its own domain with trust between them?
Any help, experience or advice anyone can offer me really would be a big help, because although I know a lot of the stuff here an awful lot is new to me. Needless to say, I need to set it up fairly fast, so I don't have the time for a trial-and-error approach either, and can't afford too many blind alleys. If people can help me get my top-level design right, I'm happy to RTFM for the dirty details.
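The PDC/BDC split, the LDAP backend and the WINS placement the question asks about are usually expressed in the two servers' smb.conf files, so here is an added example of that layout for Samba 3 (the version shipped with Ubuntu 8.04). It is not configuration from the original post; the NetBIOS names UKDC1 and CYDC1, the PDC address 192.168.1.10, the domain name MYCOMPANY and the LDAP suffix dc=mycompany,dc=local are assumed values chosen to match the subnets and the mycompany.local example in the question. Everything else is a real smb.conf parameter.

```ini
; ===== Head office PDC (192.168.1.0/24), /etc/samba/smb.conf =====
; Assumed names/addresses: MYCOMPANY, UKDC1, 192.168.1.10, dc=mycompany,dc=local
[global]
   workgroup = MYCOMPANY
   netbios name = UKDC1
   server string = Head office PDC
   security = user

   ; Accounts live in the local OpenLDAP master, so both servers share one
   ; set of users. The bind password for ldap admin dn is stored with
   ; "smbpasswd -w", never in this file.
   passdb backend = ldapsam:ldap://127.0.0.1
   ldap suffix = dc=mycompany,dc=local
   ldap admin dn = cn=admin,dc=mycompany,dc=local
   ldap user suffix = ou=Users
   ldap group suffix = ou=Groups
   ldap machine suffix = ou=Computers
   ldap idmap suffix = ou=Idmap
   ; Loopback only here; anything that leaves the box should use "start tls".
   ldap ssl = off

   ; Exactly one domain master browser per NT domain: the PDC.
   domain logons = yes
   domain master = yes
   preferred master = yes
   local master = yes
   os level = 65

   ; Samba's WINS does not replicate, so run one WINS server and point the
   ; branch (and its DHCP scope) at it across the VPN.
   wins support = yes

   logon script = logon.bat
   logon path =
   add machine script = /usr/sbin/smbldap-useradd -w "%u"

[netlogon]
   path = /var/lib/samba/netlogon
   read only = yes
   browseable = no

; ===== Branch BDC (192.168.2.0/24), /etc/samba/smb.conf =====
; Assumed names/addresses: MYCOMPANY, CYDC1, PDC at 192.168.1.10
[global]
   workgroup = MYCOMPANY
   netbios name = CYDC1
   server string = Branch BDC
   security = user

   ; Read the local LDAP replica first so logons keep working when the ADSL
   ; link is down; fall back to the head-office master if the replica dies.
   passdb backend = ldapsam:"ldap://127.0.0.1 ldap://192.168.1.10"
   ldap suffix = dc=mycompany,dc=local
   ldap admin dn = cn=admin,dc=mycompany,dc=local
   ldap user suffix = ou=Users
   ldap group suffix = ou=Groups
   ldap machine suffix = ou=Computers
   ldap idmap suffix = ou=Idmap
   ; The fallback URI crosses the site link, so require TLS on the LDAP session.
   ldap ssl = start tls

   ; A BDC answers logons but must never claim domain master; it should still
   ; win the local browse election on its own subnet.
   domain logons = yes
   domain master = no
   preferred master = yes
   local master = yes
   os level = 65

   ; No second WINS database: use the PDC's.
   wins support = no
   wins server = 192.168.1.10

   logon script = logon.bat
   logon path =

[netlogon]
   path = /var/lib/samba/netlogon
   read only = yes
   browseable = no
```

Two things the files above rely on but do not show. First, the two slapd instances have to be kept in sync by OpenLDAP itself: the PDC's directory is the provider and the branch slapd is a syncrepl consumer with updateref pointing back at the provider, so a password change made at the branch is written to the master and flows back rather than forking the two databases. Second, the BDC must carry the same domain SID as the PDC; with ldapsam the SID sits in the sambaDomain entry, and `net getlocalsid` on each server is the check that both agree before any client is joined. For the DHCP question, the branch scope should hand out the head-office WINS address (ISC dhcpd's `option netbios-name-servers` and `option netbios-node-type 8`) so that cross-subnet name lookups go to the one WINS database instead of relying on broadcasts that never cross the VPN.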