LinuxQuestions.org
Old 05-03-2008, 10:42 AM   #1
johncc
LQ Newbie
 
Registered: Dec 2006
Location: Dorset, UK
Posts: 7

Rep: Reputation: 0
Enterprise setup for two offices


Dear LQ-

I need some help with high-level stuff - advice on the best way to approach something and the technology to use.

We have two offices, one in the UK and one in Cyprus. I've installed an Ubuntu server 8.04 at each one, running nothing much more than Samba and SSH at the moment. They both have pretty decent Draytek routers, and I've used those to create a LAN to LAN VPN, so that one location has a 192.168.1.0/24 subnet and the other has 192.168.2.0/24. The problem is that this link is only ADSL based and will certainly go down or slow down from time to time, and I'd like to achieve good integration between the sites while allowing them to operate independently when needed.

I'm reasonably familiar with Windows networking although I'm still clearer on NT4/NBT/WINS/PDC/BDC stuff than Active Directory. I'm OK with Samba although have never used it as a domain controller. I'm weak on DNS and LDAP.

The clients on the network will be a mixture of XP and Vista (with a couple of my Linux boxes thrown in but I can worry about those myself).

I'd like to achieve the following:-

* Samba as a domain controller
* PDC in Head Office, BDC in Branch Office
* Windows networking to resolve names between the two locations
* Single set of accounts between the two servers

I think that this means I need to set up LDAP on the two servers. My questions on this:-

* Do I choose a single root name (e.g. mycompany.local) to cover both sites?
* Can both machines run an LDAP server, each preferring itself for authentication but keeping the two databases in sync automatically?

I also believe I need to set up WINS to allow windows name resolution to work. Again, questions:-

* Can I run a WINS server in each site, like a PDC and BDC where one just caches the other, or automatically keeps in sync with it?

Although the routers serve DNS and DHCP, I wonder what the advantages would be of getting the servers to do so instead. I think it would allow me to set things for DHCP clients like local domain name, WINS server(s), etc. Also I think I could set it up so that DHCP clients are added to local DNS... is this simple to do? Could this then take the place of WINS, since I know the Windows networking can use DNS for name resolution?

Finally, I'm not sure how much to separate the two locations in terms of organisation. I know in Active Directory you can have parent domains, child domains, domain trust, organisational units, etc. I'm not sure how this translates to my current problem. Should each site have its own DNS domain? Should each site have its own LDAP tree? Should each have its own domain with trust between them?

Any help and advice anyone can offer me really would be a big help, because although I know a lot of the stuff here an awful lot is new to me. Needless to say, I need to set it up fairly fast, so I don't have the time for a trial and error approach either, and can't afford too many blind alleys. If people can help me get my top level design right, I'm happy to RTFM for the dirty details.
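The PDC/BDC layout with one shared set of LDAP accounts asked for above, written out as Samba 3 `smb.conf` fragments for the two Ubuntu 8.04 servers. This is an added example, not configuration from the thread, from the Samba project or from any poster; the NetBIOS names, the server addresses 192.168.1.10 and 192.168.2.10, the domain `MYCOMPANY`, the LDAP suffix `dc=mycompany,dc=local` and the use of smbldap-tools are assumptions (the two subnets and the `mycompany.local` name come from the post).

```ini
# ---- /etc/samba/smb.conf on the head-office PDC (assumed address 192.168.1.10) ----
[global]
    workgroup = MYCOMPANY
    netbios name = UKDC1
    server string = Head office domain controller
    security = user
    encrypt passwords = yes

    # Only one host may be domain master. It is also the single WINS server:
    # Samba 3 has no WINS replication, so the branch points at this one.
    domain logons = yes
    domain master = yes
    preferred master = yes
    local master = yes
    os level = 65
    wins support = yes
    name resolve order = wins host bcast
    dns proxy = no
    # Exchange browse lists with the branch server across the VPN.
    remote browse sync = 192.168.2.10
    remote announce = 192.168.2.255/MYCOMPANY

    # Accounts live in OpenLDAP; this host talks to its own slapd, the master.
    passdb backend = ldapsam:ldap://127.0.0.1/
    ldap suffix = dc=mycompany,dc=local
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap idmap suffix = ou=Idmap
    ldap admin dn = cn=admin,dc=mycompany,dc=local
    # The bind password is not kept in this file; store it in secrets.tdb
    # with:  smbpasswd -w <ldap admin password>
    ldap ssl = start tls
    ldap passwd sync = yes
    idmap uid = 10000-19999
    idmap gid = 10000-19999
    # Machine account creation via smbldap-tools (assumed installed).
    add machine script = /usr/sbin/smbldap-useradd -w "%u"

    # Accept SMB connections only from the two office subnets.
    hosts allow = 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0 127.0.0.1
    hosts deny = ALL

    logon drive = H:
    logon home = \\%L\%U
    logon path = \\%L\profiles\%U
    logon script = logon.bat

[netlogon]
    path = /var/lib/samba/netlogon
    read only = yes
    browseable = no

[profiles]
    path = /var/lib/samba/profiles
    read only = no
    browseable = no
    create mask = 0600
    directory mask = 0700

# ---- /etc/samba/smb.conf on the branch BDC (assumed address 192.168.2.10) ----
# Same as the PDC apart from the lines below. Its local slapd is a read-only
# syncrepl replica of the head-office directory, so logons keep working while
# the ADSL link is down; writes (password changes, machine joins) are referred
# to the master and need the sleep below to come back through replication.
[global]
    workgroup = MYCOMPANY
    netbios name = CYDC1
    domain logons = yes
    domain master = no
    preferred master = yes
    local master = yes
    os level = 65
    wins support = no
    wins server = 192.168.1.10
    remote browse sync = 192.168.1.10
    remote announce = 192.168.1.255/MYCOMPANY
    passdb backend = ldapsam:ldap://127.0.0.1/
    ldap replication sleep = 2000
    # ...the ldap *, idmap, hosts allow/deny, logon and share settings as on the PDC
```

This answers the two LDAP questions in the post: one root (`dc=mycompany,dc=local`) covers both sites, each server authenticates against its own slapd, and OpenLDAP syncrepl keeps the branch copy in step with the master. The WINS question has a harder answer: Samba 3 cannot keep two WINS databases in sync, so the branch runs no WINS server and hands out 192.168.1.10 as the WINS address via DHCP; while the VPN is down, branch clients fall back to broadcast resolution within their own subnet. Keep `ldap ssl = start tls` and the `hosts allow` list even though the directory traffic here stays on the loopback interface, since the inter-site replication itself travels over the ADSL VPN.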
 
Old 05-04-2008, 04:10 PM   #2
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,053

Rep: Reputation: 881
As you don't seem to be getting any answers from people who really know what they are doing, I'll try as best I can.

Quote:
Originally Posted by johncc
Dear LQ-

I need some help with high-level stuff - advice on the best way to approach something and the technology to use.

We have two offices, one in the UK and one in Cyprus. I've installed an Ubuntu server 8.04 at each one, running nothing much more than Samba and SSH at the moment. They both have pretty decent Draytek routers, and I've used those to create a LAN to LAN VPN, so that one location has a 192.168.1.0/24 subnet and the other has 192.168.2.0/24.
...sounds good, so far

Quote:
The problem is that this link is only ADSL based and will certainly go down or slow down from time to time, and I'd like to achieve good integration between the sites while allowing them to operate independently when needed.
Again, this sounds like a very sensible summary of the likely situation. Depending on the mysteries of the internet to be always available in a 'mission critical' situation seems like asking for trouble, with extra severe trouble on the side, at some unspecified future time.

Quote:
I'm reasonably familiar with Windows networking although I'm still clearer on NT4/NBT/WINS/PDC/BDC stuff than Active Directory. I'm OK with Samba although have never used it as a domain controller. I'm weak on DNS and LDAP.
This is the point at which I'm going to try to top you: My advice would be to think about what capabilities you want the system to have and then work out how those things can be achieved. In particular, the less you get hooked in to proprietary technologies from MS (or anyone else, for that matter) at a fundamental stage, the easier I think you will find it to cope as things evolve.

So, I think the capabilities that I/you would/should be looking at in this scenario are:

* access to the internet, in the normal way
* availability of fully-replicated set of user files
* access to local file server (passworded, permissions,...) with aforementioned set of files
* (collaboration - a cross-site wiki type thing - you've said nothing to make me think you would want that, but it's the kind of thing you might want)
* backup and restore
* local printing/printserver
* remote printing/printserver??? (note that if you do this, at some point, someone in a financial or HR position will print out something mega-embarrassing on the remote printer. This may be amusing if you are absolutely sure that it won't be you.)
* you might want to use DHCP to minimise admin (although with a small number of PCs, I'm not sure that there is a big gain on offer) although it doesn't seem that you need anything other than two, simple, local DHCP servers.
* e-mail

Quote:
The clients on the network will be a mixture of XP and Vista (with a couple of my Linux boxes thrown in but I can worry about those myself).

I'd like to achieve the following:-

* Samba as a domain controller
* PDC in Head Office, BDC in Branch Office
* Windows networking to resolve names between the two locations
* Single set of accounts between the two servers

I think that this means I need to set up LDAP on the two servers.
I don't think that you need to mess with WINS. You would need Samba as the file server to the mixed population of machines. I don't think that you need to worry about resolving names between the two locations, if you replicate the files across (which I think will be simpler, but I have to admit I haven't tried the two back to back, so this is just my best guess).

The only things, therefore, that seem to need care (in my simple world view) are:
- replication; rsync may be fine, probably Unison would be a better choice, but again I'm guessing
- traffic needs encryption, but then you know that
- single set of logins/ unified log in. I'll admit this is also something I don't know how to do, but I'm assuming that an LDAP howto does.

Note also that my 'simple solution' is not infinitely scalable, or anything like. But you are asking about small systems, so unless you confidently expect exponential growth, I'm assuming that's not a big problem.


Quote:
* Do I choose a single root name (e.g. mycompany.local) to cover both sites?
Assuming that you are not expecting the outside world to access your system (& if you are, shouldn't this be the bit in the DMZ?), I think this is just a matter of your convenience.

Quote:
* Can both machines run an LDAP server, each preferring itself for authentication but keeping the two databases in sync automatically?
Pass.

Quote:
I also believe I need to set up WINS to allow windows name resolution to work.
I don't think that you do need WINS. From the point of view of each desktop, you need to know how to find the fileserver (1 IP in each case) and, for access to the wider internet, the DNS server. That's two or three IPs (secondary DNS, if present) you have to enter 'by hand' in each case. I'm not sure that you need much else.

Quote:
* Can I run a WINS server in each site, like a PDC and BDC where one just caches the other, or automatically keeps in sync with it?
Not sure that it is necessary, but pass anyway.

Quote:
Although the routers serve DNS and DHCP, I wonder what the advantages would be of getting the servers to do so instead. I think it would allow me to set things for DHCP clients like local domain name, WINS server(s), etc. Also I think I could set it up so that DHCP clients are added to local DNS... is this simple to do? Could this then take the place of WINS, since I know the Windows networking can use DNS for name resolution?
I'm not sure that I follow you here (and that may just be my lack of understanding of some aspects of networking). DHCP hands out IPs, but, AFAIK, it doesn't know what 'human readable' name that might relate to, so I'm not sure how the DHCP/DNS interaction could work from end to end. However, I don't think you need this as you only need to find servers and not every desktop (unless you are doing peer to peer networking).

One of the critical things that hasn't appeared anywhere is e-mail. Now, I'm assuming e-mail is 'mission critical', as it seems to be for most enterprises. Now that's not such a big problem except that you might be fastened to Outlook as an e-mail system (and its attendant Exchange server) and I'm sure that makes things more difficult. It's a long time since I have known anything about Outlook/Exchange (& I'm happy to keep it that way) and that may force you down particular pathways with LDAP.

Now, if you can stick to 'basic' LDAP functions, that Samba can deal with for you, that probably isn't too bad, but if an existing implementation forces you to use advanced features, that may be ahead of where Samba currently is (Microsoft's 'embrace and extend' standardisation).

Sorry I'm not better informed but I thought you might like my random thoughts, for what they are worth.
 