Your point about Samba with 2 NICs for HA makes sense. Running the test on the FW doesn't make sense (but does it on the server for which you try to improve HA, or are these 2 NICs for bandwidth only?)
Anyway, as I have split Zentyal and file sharing in my own design, I won't push you to do it differently.
If I may try some suggestions:
- don't worry about VLANs; from what I understand, you don't need them.
- run infrastructure services on the main Zentyal server (the one acting as FW), then deploy Samba as an additional server. The role of each server depends on what kind of service you want to deploy. If the infrastructure requires authentication, you will need to manage accounts on server 1 (infra), and you do want to share these accounts with server 2 (Samba). For the time being, this can be done with 2 different approaches.
A few months ago, I would have suggested looking at LDAP replication to keep Samba isolated, but after the last summit, now that I understand the Zentyal strategy better, I would rather suggest staying on the Samba side; it will make your life easier when migrating to the next versions.
At this stage it would be better if people running 3.x added their input here (I'll stay on 2.2 for multiple reasons and have no hands-on experience there), but if I had to design this, I would look at the following design and deployment process:
- Start with server 2 (yes), running only the minimum services needed for file sharing. This will bring in other dependencies, don't worry.
- Once this server runs (test it with a device using a fixed IP), deploy server 1 and configure it as an additional domain controller. This will synchronize the accounts you create on server 2. On server 1, run FW, DNS, DHCP, and mail if needed. File sharing will run here too, but you will not share anything.
One interesting trick with such a design:
- on DHCP, configure leases to push server 2 as the main DNS server for clients; you may use server 1's DNS as failover.
- configure DNS on server 2 to use server 1's DNS as a forwarder
- enable caching on server 1's DNS
Regarding DHCP: use it to deliver IPs (on different subnets) for internal clients and wifi clients. For internal clients, be sure to define a DHCP range that is not too wide, so that you keep some addresses for IP reservations. Be sure server 2 is out of the dynamic range too.
Server 1 (eth2) is the default gateway for all internal clients (DHCP will deal with this, except for static devices... like server 2).
Server 1 (eth0) is the default gateway for wifi clients, but here again DHCP will deal with this, don't worry.
With such a design, one potential pitfall is DNS content management: my ideas about 3.x are not clear enough to tell whether DNS content is synchronized across the Samba domain. If not, you may have to manage, on server 2 (which will be the main DNS server for internal clients), some entries for the mail server running on server 1. This is not clear to me, and even after reading the documentation I can't make any clever choice here.
Regarding Stuart's comment, "You could set up 2 DHCP scopes, one for wired, one for wireless": this is not that you could, you must, as these are different subnets.
Then one could discuss whether implementing some kind of DHCP failover for internal clients makes sense using the DHCP server on server 2. I would suggest keeping things simple as a first approach and discussing this later.
Have fun
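As an added illustration (not from the post above, nor a file generated by Zentyal), here is what the two-scope DHCP layout described in the post looks like when written as an ISC dhcpd.conf, the DHCP server Zentyal 2.2 drives. All addresses, interface names, the domain name and the MAC address are assumptions made for the example: server 1 is the Zentyal firewall with 192.168.10.1 on eth2 (wired) and 192.168.20.1 on eth0 (wifi); server 2 is the Samba file server at 192.168.10.2 and the primary resolver for clients.

```conf
# Added example: ISC dhcpd.conf equivalent of the design in the post.
# Addresses, interfaces and the MAC below are assumed, not from the post.
# server 1 = Zentyal FW/DHCP/DNS: 192.168.10.1 on eth2, 192.168.20.1 on eth0
# server 2 = Samba file server, primary DNS for clients: 192.168.10.2

authoritative;
default-lease-time 86400;
max-lease-time 172800;
option domain-name "example.lan";

# Wired internal clients (behind server 1 eth2).
subnet 192.168.10.0 netmask 255.255.255.0 {
    # Keep the dynamic range narrow: .2-.99 stay free for reservations and
    # static hosts, and server 2 (.2) is therefore outside the range.
    range 192.168.10.100 192.168.10.199;
    option routers 192.168.10.1;              # server 1 is the default gateway
    # Order matters: server 2 is the primary resolver, server 1 the failover.
    option domain-name-servers 192.168.10.2, 192.168.10.1;
}

# Wifi clients (behind server 1 eth0): a different subnet, so a separate scope.
subnet 192.168.20.0 netmask 255.255.255.0 {
    range 192.168.20.100 192.168.20.199;
    option routers 192.168.20.1;
    option domain-name-servers 192.168.10.2, 192.168.10.1;
}

# Reservation for a device that needs a stable address (MAC is made up).
# The fixed address sits in the block kept outside the dynamic range.
host printer01 {
    hardware ethernet 00:11:22:33:44:55;
    fixed-address 192.168.10.50;
}
```

Three practical notes. Zentyal renders dhcpd.conf from its own templates, so the settings belong in its DHCP module rather than in a hand-edited file; the example only shows what those settings map to, and `dhcpd -t -cf /etc/dhcp/dhcpd.conf` checks the syntax of whatever is rendered. Server 2 itself gets a static address and must have server 1 (192.168.10.1) set as its gateway by hand, as the post says. And because the wifi scope hands out server 2 as the primary resolver, the firewall on server 1 has to allow UDP/TCP port 53 from 192.168.20.0/24 to 192.168.10.2, or wifi clients will fall back to server 1 for every lookup; the forwarder on server 2 is the usual BIND `forwarders { 192.168.10.1; };` in its options block.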