Re: [Samba] Samba 3.0.0 & LDAP: multiple domains logon
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 werner maes wrote: | At 10:44 1/10/2003, Gerald (Jerry) Carter wrote: | |> -BEGIN PGP SIGNED MESSAGE- |> Hash: SHA1 |> |> werner maes wrote: |> | |> | Hello, |> | |> | If you use samba 3.0.0 with LDAP authentication, samba uses an ldap |> | attribute "sambaSID" in which the domain SID is stored. When somebody |> | does a domain logon (2000/XP) this attribute is checked. But suppose I |> | would like to login to another domain? Can I define multiples |> sambaSID's |> | or is this attribute unique? If it's unique, how can I login to |> multiple |> | domains? |> |> You can't. This was one of the drawbacks of moving to SID's |> as opposed to RID's. However, you can setup truated Samba |> domains thus grouping users but still being able to logon to |> clients in other domains. | | | What do you mean by "truated Samba domains"? | Could you explain some more? Arghh...my typing skills strike again. I mean to say "trusted" samba domains. In other words, setup different Samba domains for groups of users (students, accounting, sales, etc...) and then establish trust relationships between the DC's. Or you can setup a single domain with multiple Samba BDC's. cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ "You can never go home again, Oatman, but I guess you can shop there." ~--John Cusack - "Grosse Point Blank" (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/evrgIR7qMdg1EfYRAq/KAKDzFrKAw2dpwkwPQthvEaYVl8ulyQCg1yKB 0D+jflDSaDvZNPghpbvbeNY= =GIYr -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.0 & LDAP: multiple domains logon
At 10:44 1/10/2003, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 werner maes wrote: | | Hello, | | If you use samba 3.0.0 with LDAP authentication, samba uses an ldap | attribute "sambaSID" in which the domain SID is stored. When somebody | does a domain logon (2000/XP) this attribute is checked. But suppose I | would like to login to another domain? Can I define multiples sambaSID's | or is this attribute unique? If it's unique, how can I login to multiple | domains? You can't. This was one of the drawbacks of moving to SID's as opposed to RID's. However, you can setup truated Samba domains thus grouping users but still being able to logon to clients in other domains. What do you mean by "truated Samba domains"? Could you explain some more? Thanks, Werner -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.0 & LDAP: multiple domains logon
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 werner maes wrote: | | Hello, | | If you use samba 3.0.0 with LDAP authentication, samba uses an ldap | attribute "sambaSID" in which the domain SID is stored. When somebody | does a domain logon (2000/XP) this attribute is checked. But suppose I | would like to login to another domain? Can I define multiples sambaSID's | or is this attribute unique? If it's unique, how can I login to multiple | domains? You can't. This was one of the drawbacks of moving to SID's as opposed to RID's. However, you can setup truated Samba domains thus grouping users but still being able to logon to clients in other domains. cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ "You can never go home again, Oatman, but I guess you can shop there." ~--John Cusack - "Grosse Point Blank" (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/evZoIR7qMdg1EfYRAmBuAKDqfSOb/BUGDEDZtlpDUAEOFrgxKwCfeypo dGPwe9oxoAtPb+i5BtTCAvo= =WnyP -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.0 & LDAP: multiple domains logon
Hello, If you use samba 3.0.0 with LDAP authentication, samba uses an ldap attribute "sambaSID" in which the domain SID is stored. When somebody does a domain logon (2000/XP) this attribute is checked. But suppose I would like to login to another domain? Can I define multiples sambaSID's or is this attribute unique? If it's unique, how can I login to multiple domains? Werner -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
