A question about NT Domains

John Harper harper at scar.utoronto.ca
Wed Apr 8 20:23:55 GMT 1998

I'd like to thank all who responded to my earlier query about
accessing multiple domains from an NT client. The answer to my
question is "NO". sigh.

On Wed, Apr 08, 1998 at 12:17:14PM -0700, William Stuart wrote:
> There is no way to get an NT machine to be a member of two domains.  I
> believe you can get an NT machine to log into two different domains if
> the domains have a trust relationship.

Many people have suggested some sort of domain trust, but as Jeremy
pointed out, SAMBA does not yet implement this. I'm not sure it would
help me anyway.

> You should probably create one domain, then limit access to each server
> via user groups.

I'm not sanguine about groups either.

I think the answer to my particular problem is to configure a third
system with SAMBA and make that the PDC (and browse master, and domain
master etc) - it will have an smbpasswd file for all accounts but will
offer no other shares. Once a user has authenticated with that
controller, they can connect to whichever server their account really
exists on, but not the other (i.e each server has an smbpasswd file
containing only those entries for the appropriate class of user -
faculty or student).

In my previous scenario, one of the servers was PDC and also offering
shares, which would then be accessible to all users (since I'd have to
put all users in its smbpasswd file and this file is used both for
domain authentication and share authentication).

I now have just a minor administrative problem of managing 3 smbpasswd
files - one on each server, and a concatentation of these 2 on the PDC
(which must also include the machine entries -- it would be useful if
smbpasswd could accept a flag specifying an alternate passwd file). I
can probably keep it in sync by running a cron job every minute to
pull the smbpasswd files off the servers.


John Harper
Academic Computing Coordinator
University of Toronto at Scarborough
harper at scar.utoronto.ca

More information about the samba-ntdom mailing list