Domain Based Network ???
drivle
11-09-2007, 08:16 PM
Hi guys - real newbie question, hope you don't flame too much here...
I've been using a windows workgroup network for a while now.
I'd had seven windows PCs in one building cabled together and working well together.
As I understand it though, a workgroup is limited to the number of PCs that can be connected to it?
So then, I'd like to network some PCs that are located in another building.
Am I correct in thinking that I need a 'domain' based network?
I've just started using Ubuntu Linux and have a server running Apache & MySQL - it seems to be working ok.
Wow - what a difference to the RedHat I used 5 years ago - things have *really* moved on! :)
Will a domain based network allow my other users to access the network from their remote location?
I have been searching various strings on the net like....
domain based network linux tutorial
linux domain network tutorial
etc etc using various quote strings....
...and soooooooooo many more - but I can't find any such tutorial to get me going.
If anyone has any advice, please help
Many thanks,
d.
bwkaz
11-10-2007, 09:05 AM
You don't need anything (except cables and hubs/switches) for the machines to be able to talk to each other. You don't need either a "workgroup" or a "domain" (both being Windows terms, of course). The whole "domain" thing is a push by Microsoft to get you to buy one of their server OSes (e.g. "windows home server", basically a steaming pile of crap), because every domain needs at least one domain controller. And while Samba can be a domain controller, it can only do that with an older-level domain. (I think. I believe they're working on the newer level stuff still.)
But it's worthless.
The only thing a domain gives you is centralized user and machine administration (if the admin hasn't added a machine to the domain, then domain-user logins from that machine aren't allowed, and domain users can be set in permissions on any machine), and also a few features with the directory (e.g. automatically installing software). If you don't need that now, you don't need a domain.
AFAIK, "workgroups" are not limited on the number of machines that can connect. Now they may get horribly slow when you have thousands of machines, but so will domains (domains run the exact same computer discovery protocols).
And none of this applies to Linux, of course. :p
drivle
11-10-2007, 05:20 PM
bwkaz,
Thank you! That was most enlightening.
I really had no idea that the domain thing was yet another Windows issue.
Well, if you don't mind, I'll just try to clear up my main issue.
I have a Linux server, and some varied windows and linux PCs scattered in different locations (not the same building).
I guess I can put a vacation planner/ calendar etc on the webserver.
But what would be the best way to fileshare when there is no physical connection?
How could my users login to a GUI(!) to access a common 'area'?
Sorry for this vague description - but I'm hopelessly out of my depth.
If you or anyone has a web-resource or good book I could be referred to (or buy) - I'll happily do that.
Thanks,
d.
bwkaz
11-11-2007, 03:14 PM
> Well, if you don't mind, I'll just try to clear up my main issue.
That's always appreciated, actually. If we know what you're really trying to accomplish, we may know of better ways to do it than what you have in mind. :)
> I have a Linux server, and some varied windows and linux PCs scattered in different locations (not the same building).
I assume they all have some kind of Internet connection, right?
> I guess I can put a vacation planner/ calendar etc on the webserver.
Should work. I assume that since the people are in various buildings spread out all over, that they'll have to do some kind of login to get to the calendar data, right? (Or at least to change the data?) Because otherwise you'll end up with J. Random Script Kiddie messing with your stuff. ;)
> But what would be the best way to fileshare when there is no physical connection?
> How could my users login to a GUI(!) to access a common 'area'?
I assume by "login to a GUI" you mean they want to use some GUI windows program to browse the files, right?
One option would be something like expow on the Linux box -- it's a PHP or Perl (can't remember which) set of web pages to expose a directory from the web server and allow users to make changes. You can lock it down to require authentication as well (and you may be able to make it use the same authentication as the calendar stuff, if you hack on the expow source). There are probably lots of other equivalent PHP/Perl/whatever scripts that do similar things.
If you don't want to do it through a web browser, it may work to set up some kind of site-to-site VPN (or a VPN client on each machine that they'd fire up when they needed to get to remote files). I haven't done that with any Linux, so I'm not sure exactly how it'd work, but basically they'd be able to use their normal Windows Explorer (once the authenticated and encrypted VPN tunnel was up) stuff to browse remote fileshares.
You want the data to be encrypted because you don't want random Internet routers pulling down copies of your (probably-business-related) files. You want it to be authenticated for the same reason as the calendar data -- you don't want J. Random Script Kiddie to start deleting (or changing) files. VPNs are good at this kind of thing. :)
klackenfus
11-12-2007, 10:46 AM
I agree that a domain is an MS thing, but the term itself started long before Home Server. Also, if you do want centralized user management, you could use OpenLDAP.
bwkaz
11-12-2007, 07:21 PM
Oh, right, the term was around long before Home Server. But it's getting pushed on home users now that Home Server does actually exist (and plus there's the "if it's possible to get more people to use our supposedly-"server-class" OS, we need to do it NOW!" mentality in Redmond), and it sounded a bit like that's what was going on here, perhaps. Especially with the comment about the number of workstations that a workgroup could hold versus a domain. :)
On OpenLDAP -- yeah, that's another way of doing most of the same stuff. MS domains are actually Kerberos- and LDAP-based, mostly (they of course have their own way of doing a few things that make it just enough of a non-standard setup that you can't use anyone else's LDAP server to replace a domain that already exists), so you can get most of the same results with any LDAP server and any Kerberos server, if you put a bit of work into it. ;)