UCS 2.4 - Univention
8 Services for Windows
A DC master with Samba automatically offers the PDC function. DC backup and DC slave servers with Samba can be used as BDCs; member servers with Samba serve as so-called member servers. The package univention-samba-slave-pdc makes it possible to use a system other than the DC master as the PDC (e.g., domain controller backup, domain controller slave or member server). In general, note that only one PDC that is visible via broadcast and WINS can be installed on a network (see also Chapter 8.4.2).
Building a Samba domain involves the following steps:
1. By default, the PDC of a Samba domain is on the DC master. The DC master must therefore be installed with the Samba package from the Services for Windows component. A PDC must be set up before the join scripts of other Samba systems can be run.
2. The Windows clients join the domain.
3. Installation of a BDC in the headquarters as DC backup with Samba. The domain join and the replication of the LDAP directory from the DC master occur automatically.
4. Installation of BDCs in the branches as DC slaves with Samba. Again, the domain join and the replication of the LDAP directory from the DC master occur automatically.
5. Addition of further objects to the LDAP directory with Univention Directory Manager.
The domain joins of the Windows clients can also be performed at the end. The only requirement is that the DC master is installed first. Changes to the LDAP directory can only be made on the DC master and are then automatically replicated to the Samba domain controllers.
To increase security, the replication range of the Samba domain controllers in the branches can be limited. To do this, the LDAP ACLs are adapted so that only those subtrees of the LDAP directory that are actually needed in a branch are replicated there, and the branch has no access to the other areas.
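A sketch of such a restriction, as an added example that is not taken from the UCS manual: it uses OpenLDAP's slapd.conf access syntax, and every DN in it (directory base, branch container, the branch DC's bind account) is a constructed placeholder. How UCS itself generates or manages these rules is not shown on this page.

```conf
# Added illustration in OpenLDAP ACL syntax (see slapd.access(5)).
# All DNs are constructed placeholders, not UCS defaults:
#   dc=example,dc=com                                    directory base
#   ou=branch1,dc=example,dc=com                         subtree needed in branch 1
#   cn=dc-branch1,cn=dc,cn=computers,dc=example,dc=com   bind account of the branch 1 DC
#
# slapd applies the first "access to" clause that matches an entry and,
# inside it, the first matching "by". "by * break" passes every other
# identity on to the clauses that follow, so their access is unchanged.

# Weak setting (commented out): every authenticated identity, including
# each branch DC, can read and therefore replicate the whole directory.
#access to dn.subtree="dc=example,dc=com"
#    by users read

# 1. The base entry itself must stay readable, otherwise searches that
#    start at the directory base fail for the branch DC.
access to dn.base="dc=example,dc=com"
    by dn.exact="cn=dc-branch1,cn=dc,cn=computers,dc=example,dc=com" read
    by * break

# 2. Allow-list: the subtree that branch 1 actually needs.
access to dn.subtree="ou=branch1,dc=example,dc=com"
    by dn.exact="cn=dc-branch1,cn=dc,cn=computers,dc=example,dc=com" read
    by * break

# 3. Everything else in the directory: no access for the branch 1 DC.
#    This clause must come after 1 and 2, because the first match wins.
access to dn.subtree="dc=example,dc=com"
    by dn.exact="cn=dc-branch1,cn=dc,cn=computers,dc=example,dc=com" none
    by * break

# Clauses for all other identities (administrators, users) follow here.
```

After such a change, bind as the branch DC account and confirm that a search below another branch's container returns no entries.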
Notes on joining domains with Windows systems can be found in Chapter 2.4.2.
8.4 Extended Configuration
8.4.1 Trust relationships
Trust relationships between domains make it possible for users from one domain to log on to computers from another domain. If a Windows domain trusts a Samba domain, it is also possible to log on to the Samba domain, alongside the Windows domain, when logging on to computers belonging to the Windows domain. Users from the Samba domain indicate this when logging on and are authenticated by a domain controller in the Samba domain.
If a Samba domain trusts a Windows domain, users from the Windows domain enter the user name + when logging on to a Linux computer belonging to the Samba domain. In this way the users can also log on to the Linux workstations of the UCS domain. The user’s home directory is created under /home/- on the PC or BDC on which the user was authenticated.
A user smith from the WIN domain would thus enter, e.g., WIN+smith to log in. His home directory would have the path /home/WIN-smith in Linux.