Sure, you can have multiple domains with all the account info in LDAP. If you really want it to work together well, you'll have a PDC and BDCs though. You may be able to try Samba intertrust relationships, but I've never used that.

Soohoon Lee wrote:
Thanks all
This is my smb.conf
[global]
        dos charset = UTF-8
        workgroup = DOMSMB
        security = user
        allow trusted domains = No
        password server = NULL
        passdb backend = ldapsam:ldap://10.17.124.190/
        max log size = 50
        load printers = No
        stat cache = No
        os level = 10
        dns proxy = No
        ldap suffix = dc=my-domain,dc=com
        ldap user suffix = ou=Users
        ldap group suffix = ou=Groups
        ldap admin dn = cn=Manager,dc=my-domain,dc=com
        ldap ssl = no

And I'd like to make multiple Samba servers share a single LDAP server without using the domain controller feature. I'm getting the feeling that a pure LDAP server is for a single Samba server, or that the LDAP server should have a Samba DC to serve multiple Samba servers? Thanks,
Soohoon.
On Fri, Aug 1, 2008 at 7:02 AM, Lukasz Zalewski <[EMAIL PROTECTED]> wrote:

    Lukasz Zalewski wrote:

        Adam Williams wrote:

            Are you using security = user or security = domain on your
            multiple servers?

            Soohoon Lee wrote:

                Hi
                Is it possible to use a single LDAP server and multiple
                Samba servers?
                The problem I'm having now is that
                each server thinks its host name is its LDAP
                domain name, or
                sambaDomainName, and
                complains the user's SID is different so it can't
                authenticate.
                How do I make the Samba servers use one domain name and SID?

                LDAP domain name is DOMSMB

                dn: sambaDomainName=DOMSMB,dc=my-domain,dc=com
                sambaSID: S-1-5-21-2479917030-3150298425-213194246

                And the Samba server created a new domain named after its hostname.

                dn: sambaDomainName=SRV6,dc=my-domain,dc=com
                sambaSID: S-1-5-21-4202146032-850913369-3381557932

                And it complains that the user's SID is different from its SID.

                Thanks,
                Soohoon.


        We have student domain and staff domain and one LDAP server.
        We wanted staff members to log onto student domain. So we
        considered two options:
        1. Interdomain trust relationship
        (http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html)

        However this option was not good for us as we didn't want to
        open up the firewall and we wanted staff members to get the
        proper student experience (i.e. home dirs and profiles on the
        student server). So that brought us to the second option:
        2. LDAP translucent proxy overlay
        (http://linux.die.net/man/5/slapo-translucent)
        In this setting we override SIDs (i.e. the domain SID part of the
        staff domain is substituted with the student domain portion of the
        SID) for users and groups and point Samba to the overlay. Bear
        in mind that all of the changes made by Samba, like machine
        passwords, user passwords, idmap mappings etc., will go no
        further than the proxy, so great care must be taken in LDAP
        setups that use referrals.


        Now the most important question is: what do you use your two
        domains for?

        HTH

        Lukasz


    Ah, sorry, I didn't read the Subject line properly: you do not want
    a PDC. As Andy pointed out, maybe you should have one of the servers
    as a domain member of the other domain.

    Lukasz


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
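
The symptom reported in the thread, a per-host sambaDomainName entry whose SID differs from the domain SID carried by the accounts, can be checked offline against an LDIF export of the directory. This Python script is an added example, not code from any poster or from the Samba project; the `alice` and `bob` accounts and the function names `parse_ldif` and `audit` are constructed for illustration.

```python
# Constructed sample: the two sambaDomainName entries are the ones quoted in the
# thread; the uid=alice and uid=bob accounts are made up for illustration.
SAMPLE_LDIF = """\
dn: sambaDomainName=DOMSMB,dc=my-domain,dc=com
sambaSID: S-1-5-21-2479917030-3150298425-213194246

dn: sambaDomainName=SRV6,dc=my-domain,dc=com
sambaSID: S-1-5-21-4202146032-850913369-3381557932

dn: uid=alice,ou=Users,dc=my-domain,dc=com
sambaSID: S-1-5-21-2479917030-3150298425-213194246-3000

dn: uid=bob,ou=Users,dc=my-domain,dc=com
sambaSID: S-1-5-21-4202146032-850913369-3381557932-3002
"""

def parse_ldif(text):
    """Yield (rdn_attr, rdn_value, sambaSID) for each entry that has a sambaSID.
    Handles plain 'attr: value' lines only (no folding, no base64 values)."""
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                key, value = line.split(": ", 1)
                attrs[key.lower()] = value.strip()
        if "dn" in attrs and "sambasid" in attrs:
            rdn_attr, _, rdn_value = attrs["dn"].split(",")[0].partition("=")
            yield rdn_attr.lower(), rdn_value, attrs["sambasid"]

def audit(text, workgroup):
    """Report stray domain entries and accounts outside the workgroup's domain SID."""
    entries = list(parse_ldif(text))
    domains = {name: sid for attr, name, sid in entries if attr == "sambadomainname"}
    expected = domains[workgroup]  # KeyError means the workgroup has no domain entry
    owner = {sid: name for name, sid in domains.items()}
    stray = sorted(name for name in domains if name != workgroup)
    mismatched = []
    for attr, name, sid in entries:
        if attr != "uid":
            continue
        domain_sid = sid.rpartition("-")[0]  # strip the trailing RID
        if domain_sid != expected:
            mismatched.append((name, owner.get(domain_sid, "unknown")))
    return {"expected_sid": expected, "stray_domains": stray, "mismatched": mismatched}

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF, "DOMSMB"))
```

A non-empty `stray_domains` list means some server registered a domain entry other than the configured workgroup, which is the condition the original poster describes.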
