On Monday 21 November 2005 19:32, David B Harris wrote:
> Hey all,
>
> I'm looking to merge multiple NT4 domains into a single infrastructure
> based on Samba3 and OpenLDAP on Linux of the Debian Sarge flavour (and,
> Bob willing, Samba4 before long).

Bob is willing, but what does he have to do with Samba4?

> In order to allow some resources to be shared from a single Linux
> instance, I'm rather hoping that I can put every domain's information
> into a single LDAP DIT. The Samba PDCs will use only portions of the
> DIT, in order to give the appearance (to users) of multiple domains.
> It'll also hopefully allow some degree of privilege delegation.

OK - that should work so long as you do not expect domain user accounts to function within multiple domains. You will be able to use interdomain trusts to affect cross-domain user access capabilities.

> *nix boxes would use the entire tree to resolve every UID/GID (though
> logins would only be allowed based on some attribute values).
>
> Everything would be fine, except I'm a bit worried about the Well-known
> Windows RIDs (512, 513, 514, 550, 551, 552). Obviously the RID must be
> those particular numbers, but do the gidNumbers need to match? (Is this
> required even generally, that gid/uidNumbers match the RID?)

The well known RIDs are important, but the UID/GID can be any valid value.

> Note that winbind isn't involved. I haven't found anything in the
> documentation, which while I've read through entirely, I haven't read
> from front-to-back, so my memory may be failing me. Documentation
> pointers very welcome.

- John T.
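An added example, not part of the original thread: a small audit of group mappings from two domains kept in one DIT, checking that the well-known groups carry their fixed RID in `sambaSID` while `gidNumber` is free to differ. It assumes that a `gidNumber` reused across the merged tree is unwanted, since the *nix hosts resolve the whole tree; the DNs, domain SIDs and gidNumbers are constructed sample data.

```python
from collections import defaultdict

# Domain-relative RIDs that Windows fixes for these groups.
EXPECTED_RID = {"Domain Admins": 512, "Domain Users": 513, "Domain Guests": 514}

# Constructed sample: two domains in one DIT; SIDs, DNs and gidNumbers are made up.
SAMPLE_LDIF = """\
dn: cn=Domain Admins,ou=SALES,dc=example,dc=org
sambaSID: S-1-5-21-1111-2222-3333-512
gidNumber: 20512

dn: cn=Domain Admins,ou=ENG,dc=example,dc=org
sambaSID: S-1-5-21-4444-5555-6666-512
gidNumber: 20512

dn: cn=Domain Users,ou=SALES,dc=example,dc=org
sambaSID: S-1-5-21-1111-2222-3333-513
gidNumber: 20513

dn: cn=Domain Guests,ou=ENG,dc=example,dc=org
sambaSID: S-1-5-21-4444-5555-6666-1014
gidNumber: 30514
"""

def parse_entries(ldif):
    """Minimal reader: 'attr: value' lines, blank line between entries (no folding/base64)."""
    return [dict(line.split(": ", 1) for line in block.splitlines())
            for block in ldif.strip().split("\n\n")]

def split_sid(sid):
    """Return (domain SID, RID); the RID is the last sub-authority."""
    domain_sid, _, rid = sid.rpartition("-")
    return domain_sid, int(rid)

def audit(entries):
    """Flag wrong well-known RIDs and gidNumbers reused across the merged tree."""
    findings, by_gid = [], defaultdict(list)
    for e in entries:
        by_gid[e["gidNumber"]].append(e["dn"])
        cn = e["dn"].split(",")[0].split("=", 1)[1]
        rid = split_sid(e["sambaSID"])[1]
        want = EXPECTED_RID.get(cn)
        if want is not None and rid != want:
            findings.append(f"{e['dn']}: RID {rid}, expected {want}")
    for gid, dns in sorted(by_gid.items()):
        if len(dns) > 1:
            findings.append(f"gidNumber {gid} reused by {len(dns)} groups")
    return findings

print("\n".join(audit(parse_entries(SAMPLE_LDIF))))
```

Both Domain Admins groups legitimately end in RID 512 under different domain SIDs, which is why their gidNumbers cannot both follow the RID in a shared tree.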
