[plug] Samba question - multiple workgroups, subnets

Denis Brown dsbrown at cyllene.uwa.edu.au
Fri Feb 27 12:51:03 WST 2004 

Dear PLUG list members,

I've done some Googling but obviously not in the right areas or with the 
right keywords :-(

I have a situation where two groups operating in Windows peer-peer 
(Workgroup) mode, each on their own subnet, will have their own private 
data areas on a Linux server.   There will be some shared areas (for 
collaborative working) and finally the data from selected areas will be 
backed up to a Windows server running in an Active Directory environment, 
on yet another subnet.   <Scream!>

What I'm having trouble getting my head around is the fact that essentially 
I will have three "workgroups" or rather, two workgroups and a domain.   Do 
I need three sep. instantiations of Samba to cope with this?   To put some 
flesh to the scenario...

Workgroup called TEACHING on subnet 192.168.0.x
Workgroup called RESEARCH on subnet 192.168.1.x
Domain called bill.gates on subnet 192.168.2.x

Users in TEACHING have a majority of Windows-based PCs (mix of 2000, XP) 
and want to connect to shares on the server.   Their root directory on the 
server will be called "teachers" and within that tree will be directories 
for the individuals.

Users in RESEARCH have a majority of Windows-based PCs (mainly NT4 
workstation) and want to connect to shares on the server.   Their root 
directory on the server will be called "researchers" and within that tree 
will be directories for the individuals.

Some/ all users in both TEACHING and RESEARCH workgroups will also have 
rights to shares in a server tree called "collaboration" so that they can 
easily exchange large data sets, documents, etc.

Finally, despite protestations and much gnashing of teeth, the "boss" in 
the scenario had his funds dry up and nothing left for backup.  An 
arrangement was made with an affiliate group, running a Windows Active 
Directory domain, to provide backup for selected areas in the server tree.

So...
I can and have set up Samba in the past for dealing with one subnet's / 
workgroup's needs.   Here I have two.   Renaming the workgroups to share a 
common name is not an option.  Putting the users on a common subnet is not 
an option.  I also have the domain to worry about.   I do not want to 
interfere with the operations or security of the domain and in fact I do 
not have or want admin rights to it.   I could set Samba up to be a simple 
member server rather than participate in the AD structure.

One Samba with a complex configuration or three Samba processes, each with 
their own config file?   Something else?  (Sorry, blowing away the Windows 
PCs and replacing with Linux is not an option either.   Early 
retirement?   Win Lotto?)

Googling has not helped :-(
TIA,
Denis

PS.  Brad (?) & Tony your experience and comments about ACLs and Samba may 
be very appropriate since the "boss" wants quite a high level of privacy - 
so do I really! - so I may have to do more than Linux permissions can 
provide.   I, too, read up on the acl's and was just about to implement same.

More information about the plug mailing list