Thanks, 'sharing LDAP server' is to share the same set of users/groups in the LDAP DB, not separate sets of users/groups for each samba server.
It looks like PDC ??? maybe what I want is more like NIS.
So IIUC, to share a single set of users/groups in the LDAP server from multiple samba servers, I need LDAP and samba DC?
And samba servers have to join the samba DC by net rpc join?

Thanks a lot.
Soohoon.

On Fri, Aug 1, 2008 at 11:22 AM, Adam Williams <[EMAIL PROTECTED]> wrote:

> sure you can have multiple domains with all the account info in LDAP. if
> you really want it to work together well you'll have a PDC and BDC's
> though. you may be able to try samba intertrust relationships, but i've
> never used that
>
>
> Soohoon Lee wrote:
>
>
> Thanks all
> This is my smb.conf
> [global]
> dos charset = UTF-8
> workgroup = DOMSMB
> security = user
> allow trusted domains = No
> password server = NULL
> passdb backend = ldapsam:ldap://10.17.124.190/
> max log size = 50
> load printers = No
> stat cache = No
> os level = 10
> dns proxy = No
> ldap suffix = dc=my-domain,dc=com
> ldap user suffix = ou=Users
> ldap group suffix = ou=Groups
> ldap admin dn = cn=Manager,dc=my-domain,dc=com
> ldap ssl = no
>
> And I like to make multiple samba servers to share single LDAP server
> without using domain controller feature.
> I'm getting feeling that pure LDAP server is for single samba server or the
> LDAP server should have samba DC to serve multiple samba servers?
>
> Thanks,
> Soohoon.
>
> On Fri, Aug 1, 2008 at 7:02 AM, Lukasz Zalewski <[EMAIL PROTECTED]> wrote:
>
>> Lukasz Zalewski wrote:
>>
>>> Adam Williams wrote:
>>>
>>>> are you using security = user or security = domain on your multiple
>>>> servers?
>>>> Soohoon Lee wrote:
>>>>
>>>>> Hi
>>>>> Is it possible to use single LDAP server and multiple samba servers?
>>>>> The problem I'm having now is
>>>>> Each server thinks their host name is their LDAP domain name, or
>>>>> sambaDomainName, and
>>>>> complain the user's SID is different so can't authenticate.
>>>>> How do I make samba servers use one domain name and SID?
>>>>>
>>>>> LDAP domain name is DOMSMB
>>>>>
>>>>> dn: sambaDomainName=DOMSMB,dc=my-domain,dc=com
>>>>> sambaSID: S-1-5-21-2479917030-3150298425-213194246
>>>>>
>>>>> And samba server created a new domain after its hostname.
>>>>>
>>>>> dn: sambaDomainName=SRV6,dc=my-domain,dc=com
>>>>> sambaSID: S-1-5-21-4202146032-850913369-3381557932
>>>>> And complain user's SID is different from its SID.
>>>>>
>>>>> Thanks,
>>>>> Soohoon.
>>>>>
>>>>>
>>>>
>>>>
>>> We have student domain and staff domain and one LDAP server. We wanted
>>> staff members to log onto student domain. So we considered two options:
>>> 1. Interdomain trust relationship (http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html)
>>>
>>> However this option was not good for us as we didn't want to open up the
>>> firewall and we wanted staff members to get the proper student experience
>>> (i.e. home dirs and profiles on the student server). So that brought us to
>>> the second option:
>>> 2. ldap translucent proxy overlay (http://linux.die.net/man/5/slapo-translucent)
>>> In this setting we override sids (i.e. domain sid part of the staff
>>> domain is substituted with student domain portion of the sid) for users and
>>> groups and point samba to the overlay. Bear in mind that all of the changes
>>> made by samba like machine passwords, user passwords, idmap mappings etc
>>> will go no further than the proxy so great care must be taken in LDAP setups
>>> that use referrals.
>>>
>>>
>>> Now the most important question is what do you use your two domains for?
>>>
>>> HTH
>>>
>>> Lukasz
>>>
>>
>> Ah sorry I didn't read the Subject line properly you do not want PDC. As
>> Andy pointed out maybe you should have one of the servers as a domain member
>> of the other domain
>>
>> Lukasz
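
The SID mismatch described in this thread can be checked offline against an LDIF export of the directory. This is an added example, not part of any poster's message and not Samba code; the `uid=alice` entry, its RID, the `sambaDomainName:` attribute lines and the helper names `parse_ldif` and `check_sids` are assumptions made for illustration.

```python
import re

# Constructed sample: the two domain DNs and SIDs are those quoted in the
# thread; the sambaDomainName attribute lines and uid=alice are made up.
SAMPLE_LDIF = """\
dn: sambaDomainName=DOMSMB,dc=my-domain,dc=com
sambaDomainName: DOMSMB
sambaSID: S-1-5-21-2479917030-3150298425-213194246

dn: sambaDomainName=SRV6,dc=my-domain,dc=com
sambaDomainName: SRV6
sambaSID: S-1-5-21-4202146032-850913369-3381557932

dn: uid=alice,ou=Users,dc=my-domain,dc=com
uid: alice
sambaSID: S-1-5-21-2479917030-3150298425-213194246-3001
"""

def parse_ldif(text):
    """Return one {attr: value} dict per entry (single-valued, unfolded LDIF)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                key, value = line.split(": ", 1)
                entry.setdefault(key.strip().lower(), value.strip())
        entries.append(entry)
    return entries

def check_sids(text, local_domain):
    """List (uid, rid, owning domain) for accounts outside local_domain's SID."""
    entries = parse_ldif(text)
    domains = {e["sambadomainname"].upper(): e["sambasid"]
               for e in entries if "sambadomainname" in e and "sambasid" in e}
    local_sid = domains[local_domain.upper()]  # KeyError: no such domain entry
    by_sid = {sid: name for name, sid in domains.items()}
    mismatches = []
    for e in entries:
        if "uid" not in e or "sambasid" not in e:
            continue
        domain_part, _, rid = e["sambasid"].rpartition("-")  # split off the RID
        if domain_part != local_sid:
            mismatches.append((e["uid"], rid, by_sid.get(domain_part, "unknown")))
    return mismatches

if __name__ == "__main__":
    for domain in ("DOMSMB", "SRV6"):
        print(domain, check_sids(SAMPLE_LDIF, domain))
```

A server that resolves its domain as DOMSMB sees no mismatches, while one that registered itself as SRV6 reports every account issued under the DOMSMB SID.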
