Re: [Samba] one ldap server and multiple samba PDC domains
The problem is that we need different domains, but there are users that should be able to log in to all domains, and there is also a public domain which everybody could use to log in. So if we use multiple LDAP servers, managing their properties, for example passwords, is difficult, since when a user changes password, the password must be set in all LDAP servers.

2008/10/23 Andrew Bartlett [EMAIL PROTECTED]

> On Mon, 2008-10-20 at 08:57 +0330, Mohammad Reza Hosseini wrote:
> > hello
> > Is it possible to have multiple samba servers so multiple samba PDC
> > domains but just one ldap server? (so users in ldap can login to
> > different domains but we add them just one time)
> > if yes how?
>
> In short, don't. A lot of folks have got themselves into a lot of
> trouble doing this, as it is not a tested or supported configuration.
>
> The only option is to ensure that each Samba domain cannot see the
> users of the other domain - the suffixes must be different. But then
> why even share the LDAP server?
>
> I strongly suggest running a single domain for a single organisation,
> backed by a single LDAP server (or replicated set of LDAP servers).
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Red Hat Inc.

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] one ldap server and multiple samba PDC domains
The short answer is that it is very bad practice and poor design to use a single DIT across multiple domains. It is much smarter to design and implement a separate DIT per domain.

Greets
Sven

On Thursday, 23 October 2008 02:45:46, Andrew Bartlett wrote:

> On Mon, 2008-10-20 at 08:57 +0330, Mohammad Reza Hosseini wrote:
> > hello
> > Is it possible to have multiple samba servers so multiple samba PDC
> > domains but just one ldap server? (so users in ldap can login to
> > different domains but we add them just one time)
> > if yes how?
>
> In short, don't. A lot of folks have got themselves into a lot of
> trouble doing this, as it is not a tested or supported configuration.
>
> The only option is to ensure that each Samba domain cannot see the
> users of the other domain - the suffixes must be different. But then
> why even share the LDAP server?
>
> I strongly suggest running a single domain for a single organisation,
> backed by a single LDAP server (or replicated set of LDAP servers).
>
> Andrew Bartlett

Re: [Samba] one ldap server and multiple samba PDC domains
On Mon, 2008-10-20 at 08:57 +0330, Mohammad Reza Hosseini wrote:

> hello
> Is it possible to have multiple samba servers so multiple samba PDC
> domains but just one ldap server? (so users in ldap can login to
> different domains but we add them just one time)
> if yes how?

In short, don't. A lot of folks have got themselves into a lot of trouble doing this, as it is not a tested or supported configuration.

The only option is to ensure that each Samba domain cannot see the users of the other domain - the suffixes must be different. But then why even share the LDAP server?

I strongly suggest running a single domain for a single organisation, backed by a single LDAP server (or replicated set of LDAP servers).

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.

Re: [Samba] one ldap server and multiple samba PDC domains
Yes, it is possible. You must have multiple sambaDomainName entries, all with the same SID value. I have this, and it works very well.

Jorge C.
P.S. Sorry for my bad English.

On Mon, 20 Oct 2008 02:27:39 -0300, Mohammad Reza Hosseini [EMAIL PROTECTED] wrote:

> hello
> Is it possible to have multiple samba servers so multiple samba PDC
> domains but just one ldap server? (so users in ldap can login to
> different domains but we add them just one time)
> if yes how?
> thanks.

--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

Re: [Samba] one ldap server and multiple samba PDC domains
Quoting Jorge Concha C. [EMAIL PROTECTED]:

> You must have multiple sambaDomainName entries, all with the same SID
> value.

What sambaSID do your users have? What does net getdomainsid return on your domains?

I'm asking because I have 4 domains (long history, don't ask) and I'm currently moving them from tdbsam to ldapsam. I have no problems with my users because no user is repeated in two domains except for one, soporte. I need this user soporte to be able to log in to my 4 domains.

Thanks,
Norberto

This message was sent using IMP, the Internet Messaging Program.

Re: [Samba] one ldap server and multiple samba PDC domains
All my users can log in at all my 3 domains.

Responses:

All sambaDomainName entries:
  sambaSID=S-1-5-21-3209642587-1536209094-3825437934
same for all domains.

users:
  user1 = S-1-5-21-3209642587-1536209094-3825437934-4801
  user2 = S-1-5-21-3209642587-1536209094-3825437934-4802
  user3 = S-1-5-21-3209642587-1536209094-3825437934-4803
  etc.

net getdomainsid @ all machines:
  SID for domain SAMBA1 is: S-1-5-21-3209642587-1536209094-3825437934
  SID for domain DOMAIN1 is: S-1-5-21-3209642587-1536209094-3825437934
  SID for domain SAMBA2 is: S-1-5-21-3209642587-1536209094-3825437934
  SID for domain DOMAIN2 is: S-1-5-21-3209642587-1536209094-3825437934
  SID for domain SAMBA3 is: S-1-5-21-3209642587-1536209094-3825437934
  SID for domain DOMAIN3 is: S-1-5-21-3209642587-1536209094-3825437934

On Mon, 20 Oct 2008 11:42:45 -0300, Norberto Bensa [EMAIL PROTECTED] wrote:

> Quoting Jorge Concha C. [EMAIL PROTECTED]:
> > You must have multiple sambaDomainName entries, all with the same SID
> > value.
>
> What sambaSID do your users have? What does net getdomainsid return on
> your domains?
>
> I'm asking because I have 4 domains (long history, don't ask) and I'm
> currently moving them from tdbsam to ldapsam. I have no problems with
> my users because no user is repeated in two domains except for one,
> soporte. I need this user soporte to be able to log in to my 4 domains.
>
> Thanks,
> Norberto

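Added example, not part of any poster's message: a Python check over an LDIF export that reports which sambaDomainName entries share a sambaSID and which domains each account's SID resolves to, for the layout described in the message above. The sample LDIF is constructed; the dc=example,dc=org suffix, OTHERDOM, its SID and user9 are assumptions made for contrast.

```python
from collections import defaultdict

# Constructed sample data. The shared SID, the domain names SAMBA1-SAMBA3 and
# user1/user2 with their RIDs are from the thread; the dc=example,dc=org suffix
# and the OTHERDOM domain, its SID and user9 are made up for contrast.
SHARED = "S-1-5-21-3209642587-1536209094-3825437934"
OTHER = "S-1-5-21-1111111111-2222222222-3333333333"

def _entry(rdn, object_class, **attrs):
    head = [f"dn: {rdn},dc=example,dc=org", f"objectClass: {object_class}"]
    return "\n".join(head + [f"{k}: {v}" for k, v in attrs.items()])

SAMPLE_LDIF = "\n\n".join(
    [_entry(f"sambaDomainName={d}", "sambaDomain", sambaDomainName=d, sambaSID=s)
     for d, s in [("SAMBA1", SHARED), ("SAMBA2", SHARED), ("SAMBA3", SHARED),
                  ("OTHERDOM", OTHER)]]
    + [_entry(f"uid={u}", "sambaSamAccount", uid=u, sambaSID=s)
       for u, s in [("user1", SHARED + "-4801"), ("user2", SHARED + "-4802"),
                    ("user9", OTHER + "-1001")]])

def parse_ldif(text):
    """Parse plain 'attr: value' LDIF into dicts of lower-cased attr -> values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.replace("\n ", "").splitlines():  # unfold long lines
            if not line.startswith("#") and ": " in line:
                attr, value = line.split(": ", 1)
                entry[attr.lower()].append(value.strip())
        entries.append(entry)
    return entries

def domains_by_sid(entries):
    """Map each domain SID to the sambaDomainName entries that claim it."""
    found = defaultdict(list)
    for e in entries:
        if "sambaDomain" in e["objectclass"]:
            found[e["sambasid"][0]].append(e["sambadomainname"][0])
    return {sid: sorted(names) for sid, names in found.items()}

def shared_sids(entries):
    """Domain SIDs claimed by more than one sambaDomainName entry."""
    return {s: d for s, d in domains_by_sid(entries).items() if len(d) > 1}

def account_domains(entries):
    """For each account, the domains whose SID prefixes its sambaSID."""
    by_sid = domains_by_sid(entries)
    return {e["uid"][0]: by_sid.get(e["sambasid"][0].rsplit("-", 1)[0], [])
            for e in entries if "sambaSamAccount" in e["objectclass"]}
```

On the sample, shared_sids() returns the one SID claimed by SAMBA1, SAMBA2 and SAMBA3, and account_domains() shows user1 and user2 resolving to all three domains while user9 resolves only to OTHERDOM.
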
Re: [Samba] one ldap server and multiple samba PDC domains
Quoting Jorge Concha C. [EMAIL PROTECTED]:

> All my users can log in at all my 3 domains.

Of course. All your domains have the same SID...

Why did you choose this setup instead of domain trusts? Wouldn't a two-way trust give the same functionality?

Thanks!
Norberto

Re: [Samba] one ldap server and multiple samba PDC domains
On Mon, 20 Oct 2008 14:20:16 -0300, Norberto Bensa [EMAIL PROTECTED] wrote:

> Quoting Jorge Concha C. [EMAIL PROTECTED]:
> > All my users can log in at all my 3 domains.
>
> Of course. All your domains have the same SID...
>
> Why did you choose this setup instead of domain trusts? Wouldn't a
> two-way trust give the same functionality?

I really do not know. I never thought of a configuration with two-way trust. In addition, my system began as a single domain; then, because of the great load on the machine, I had to duplicate it and then triple it.

Jorge C.
P.S. Do you speak Spanish?

> Thanks!

You are welcome.

> Norberto

[Samba] one ldap server and multiple samba PDC domains
hello

Is it possible to have multiple samba servers so multiple samba PDC domains but just one ldap server? (so users in ldap can login to different domains but we add them just one time)

if yes how?

thanks.