Adam Williams wrote:
security = domain is for domain member servers, which are servers that
are part of the domain but don't authenticate users, handle roaming
profiles, etc. basically you'd use them for print servers, or more
file shares.
why don't you just have a PDC and use BDCs? sure you can have a bunch
of domains and PDCs, but if its all for the same company, just go with
the PDC and then a BDC on each subnet. PDCs and BDCs both use
security = user
There are two issues:
a) The workstations log on to another domain, managed by AD, and I don't
want to integrate Samba with that domain
b) I want each Samba server to be able to operate independently, but
give the users the convenience of a single password for all servers
I'm quite happy to create a Samba PDC, but if I can just make the Samba
servers operate as standalone servers using a common workgroup name, is
that more convenient to setup and more fault tolerant?
Daniel Pocock wrote:
Consider the following scenario:
- a single OpenLDAP server, with a single instance of the object
class sambaDomain and a single SID:
dn: sambaDomainName=myserver,ou=samba,dc=example,dc=com
objectClass: sambaDomain
sambaDomainName: MYGROUP
sambaSID: S-1-2-3
- multiple Samba servers, each with the following configuration:
security = user
workgroup = MYGROUP
Is this a valid configuration? Or does the SMB protocol require the
domain security to be used (security = domain) when all servers share
a single LDAP backend?
Regards,
Daniel
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
