2 domains from the same LDAP tree:
domain SUBDOMAIN with LDAP info drawn from ou=subdomain,o=domain
sambaDomainName=SUBDOMAIN,ou=subdomain,o=domain
users kept in ou=subdomain,o=domain
domain SUPERDOMAIN with LDAP info drawn from o=domain
sambaDomainName=SUPERDOMAIN,o=domain
users kept in o=domain
I've set this up with 2 PDCs, and users in ou=subdomain can log into both systems, whereas users in o=domain can only log into SUPERDOMAIN. This does work, even if the SambaSIDs of the users do not match the domain's SID (which is very useful).
What is needed is a way of qualifying the username to state which part of the tree it is drawn from.
For example, if 2 users named 'fredbloggs' existed, one in ou=subdomain,o=domain, and one in o=domain, then there would be confusion, and only one would work (cn=fredbloggs,o=domain, I assume). I have Netware roots, and in an NDS system with a similar setup, you could log into a system with the context set to o=domain as 'fredbloggs' to log in as cn=fredbloggs,o=domain, or you could log in as 'fredbloggs.subdomain' to log in as cn=fredbloggs,ou=subdomain,o=domain.
What would be nice in my situation is to be able to log in on a workstation in my school as 'jim', and get onto the system at the community learning centre as 'jim.myschool' or something similar. (MYSCHOOL\jim ??)
I hope this makes sense and doesn't sound too much like me brainstorming
Has anyone tried anything like this?
cheers
Jim Potter UK
rruegner wrote:
Hi,
yes, it's no problem, you need slave LDAPs and Samba BDCs in the other locations, read the Samba HOWTO,
the other way is to have its own domain at each location with its own PDC
and make trusts
What do you mean by duplicate usernames?
Regards
Jim Potter wrote:
Hi All,
I am looking into the feasibility of using Samba/LDAP for domain control across several schools in my area, and would be interested to hear of anyone who has any experience/thoughts on how this could work.
The schools share a community learning resource centre, and I am looking for ways for all users to be able to log in at their own schools, and also at the learning resource centre using the same credentials, and be able to see their documents from both (all connected by 2-10M lines at present, which will probably be adequate).
Each institution needs to be a secure self sufficient entity within its own right, allowing access to its list of users (and their work) to the resource centre.
A big problem I see is duplicate user names between schools.
Any hints/tips/comments/feedback would be very welcome.
cheers
Jim Potter UK
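
The duplicate-name problem and the NDS-style qualified login described in the message above, as an added example that is not part of the original post. The directory entries are constructed, and the helper names (subtree_matches, domains_for, resolve) are hypothetical, not Samba or LDAP APIs:

```python
import re

# Constructed sample directory: the same cn exists at two levels of the tree.
ENTRIES = [
    "cn=fredbloggs,o=domain",
    "cn=fredbloggs,ou=subdomain,o=domain",
    "cn=jim,ou=subdomain,o=domain",
]
# Search base per Samba domain, as laid out in the post.
DOMAIN_BASE = {"SUPERDOMAIN": "o=domain", "SUBDOMAIN": "ou=subdomain,o=domain"}

# Only plain name characters: a ',' or '=' in a login must never reach the DN.
SAFE = re.compile(r"[A-Za-z0-9_-]+")

def subtree_matches(cn, base):
    """Entries with this cn at or below base, i.e. what a subtree search returns."""
    head, tail = f"cn={cn.lower()},", "," + base.lower()
    return [dn for dn in ENTRIES
            if dn.lower().startswith(head) and dn.lower().endswith(tail)]

def domains_for(dn):
    """Domains whose search base contains the entry."""
    return sorted(d for d, base in DOMAIN_BASE.items()
                  if dn.lower().endswith("," + base.lower()))

def resolve(login, context="o=domain"):
    """NDS-style lookup (hypothetical helper): 'user' is taken from the context
    itself, 'user.ou' from the named container below it. Returns a DN or None."""
    parts = login.split(".")
    if not all(SAFE.fullmatch(p) for p in parts):
        raise ValueError(f"malformed login name: {login!r}")
    dn = ",".join([f"cn={parts[0]}"] + [f"ou={p}" for p in parts[1:]] + [context])
    return next((e for e in ENTRIES if e.lower() == dn.lower()), None)

if __name__ == "__main__":
    print(subtree_matches("fredbloggs", "o=domain"))  # ambiguous: two entries
    print(resolve("fredbloggs"), "|", resolve("fredbloggs.subdomain"))
    print(domains_for("cn=jim,ou=subdomain,o=domain"))
```

A subtree search from o=domain is where the two fredbloggs entries collide; the qualified form pins the lookup to a single container.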
