Joining a Domain on a multiple-domain Server

dqpr10 at canal-plus.fr
Fri Apr 7 09:33:22 GMT 2000


This is not a samba question, this is a NT domain management question.


                       MASTERDOMAIN
                             |
           +-----------------+----------------+
           |                 |                |
        DOMAIN1           DOMAIN2          DOMAIN3

MASTERDOMAIN:   authentication domain
DOMAIN1/2/3:    "data" domains, they have to approve MASTERDOMAIN

You should have your accounts base in the MASTERDOMAIN PDC and DOMAIN1/2/3
approving the MASTERDOMAIN.
This will ensure accounts connected to the MASTERDOMAIN domain can view
resources held by DOMAIN1/2/3. The next step is to define Global Groups
in the MASTERDOMAIN domain to pass the trust relationship.

IE:
Let's say DOMAIN1 is for sales, you have a share on the DOMAIN1 PDC
for salespeople:

\\DOMAIN1_PDC\sales

Ensure DOMAIN1\Administrators have the following members:
	DOMAIN1\Domain Administrators
	MASTERDOMAIN\Domain Administrators

You can create a LOCAL group in DOMAIN1 called L_SALES, then create a
GLOBAL group in MASTERDOMAIN called G_SALES.
Set share security for \\DOMAIN1_PDC\sales to:
	DOMAIN1_PDC\Administrators	Full Control
	DOMAIN1_PDC\L_SALES		Modify
Add NTFS security if you really want a secured share.
Add MASTERDOMAIN\G_SALES as member of DOMAIN1\L_SALES.
Add users in MASTERDOMAIN\G_SALES, they'll have access to
\\DOMAIN1_PDC\sales.

The workaround is the same for DOMAIN2 & DOMAIN3.

Use MASTERDOMAIN as the LOGON domain and DOMAIN1/2/3 as private domains.
If you wish to use DOMAIN1/2/3 as logon domain for certain users, they
won't be able to access other domains' resources if they don't have an
account on them too. If you wish to add a private user to more than one
sub-domain (ie: DOMAIN1 & DOMAIN2), ensure they have the same name &
password (as Windows clients test against matching username/password
first).

Note that if you have a real file server (that is not a DC), that'll
obviously work the same.


I suggest learning NT before trying Samba.

Meerwaldt at t-online.de wrote:
> 
> Hi all,
> 
> I want to replace a NT 4 Server with a FreeBSD Server running Samba. Now
> we have in our company a Domain, which supplies multiple domains. In NT4 I
> enter in the Join a domain field a domain (Let's say alldomains) and when
> I log on, I see 3 domains (which this domain supplies). Do you know what I
> mean? But I can't logon to alldomains directly. I have to log on to
> DOMAIN1 (this domain is supplied by the main-domain alldomains). Now I
> want to join the Domain DOMAIN1, but I want to share folders with users of
> other domains (which supplies the main-domain alldomains, too), too. For
> example: I tell Windows NT 4 to join a domain. Domain
> Name: alldomains. Username to Join is: DOMAIN1\frederik and my normal
> password. Then it tells me, that I have successfully joined the domain
> alldomains. At the Login Screen I see the domains DOMAIN1, 2 and 3. But I
> log on to DOMAIN1.
> 
> My Questions:
> 
> - How can I log on to DOMAIN1 over the main-domain alldomains
> - When I share a directory, I have to create a local user, and then I
> share the directory and the username will be verified with the PDC of
> the Domain I am logged on to. But now, I am logged on to Domain1 and want
> to let a user, which is on Domain2, access the share. How do I have to do
> this?
> 
> Hope I have explained my question clearly. If there are any further
> questions, ask. THANKS IN ADVANCE
> --
> 
> Best regards,
>         Freddy
> 
> Homepage: fmeerwaldt.homepage.com
> Last update: 11.03.2000
> Very good OpenVMS HowTo's, DHCPD Howto, VXT2k NetBooting HowTo, and a
> little bit about me.
> ------------------------------------------------------------------------
> NetBSD Vax, Alpha, i386. Tru64 Unix, OpenVMS, FreeBSD, Ultrix.
> ------------------------------------------------------------------------

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=- Benoit Boudeville            | CANAL+ Technologies            -=
-= Computer System Engineer     | 34, place Raoul Dautry         =-
=- mailto:bboudev at canal-plus.fr | 75516 Paris Cedex 15           -=
-= Tel: 01.71.71.55.83          | Fax: 01.71.71.55.77            =-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
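
The group nesting described in the reply above (user in a MASTERDOMAIN global group, global group in a DOMAIN1 local group, local group on the share ACL) can be traced with a small model. This is an added example, not part of the original message and not NT or Samba code; the users alice, bob, carol and root are hypothetical, and the ACL entries are written with the DOMAIN1 prefix.

```python
# Constructed model of the layout in the message; not NT or Samba code.
# Users alice, bob, carol and root are hypothetical.
TRUSTS = {"DOMAIN1": {"MASTERDOMAIN"}}   # DOMAIN1 trusts MASTERDOMAIN (one-way)
GLOBAL_GROUPS = {                        # global groups hold accounts of their own domain
    r"MASTERDOMAIN\G_SALES": {r"MASTERDOMAIN\alice"},
    r"MASTERDOMAIN\Domain Administrators": {r"MASTERDOMAIN\root"},
}
LOCAL_GROUPS = {                         # local groups of the resource domain
    r"DOMAIN1\L_SALES": {r"MASTERDOMAIN\G_SALES"},
    r"DOMAIN1\Administrators": {r"DOMAIN1\Domain Administrators",
                                r"MASTERDOMAIN\Domain Administrators"},
}
SHARE_ACL = {r"\\DOMAIN1_PDC\sales": {r"DOMAIN1\Administrators": "Full Control",
                                      r"DOMAIN1\L_SALES": "Modify"}}
RANK = {"Modify": 1, "Full Control": 2}


def domain_of(principal):
    """Return the domain part of a DOMAIN\\name principal."""
    return principal.split("\\", 1)[0]


def usable(principal, resource_domain):
    """An account resolves only if it is local or comes from a trusted domain."""
    d = domain_of(principal)
    return d == resource_domain or d in TRUSTS.get(resource_domain, set())


def effective_access(user, share, resource_domain="DOMAIN1"):
    """Strongest share permission the user gets on the share, or None."""
    if not usable(user, resource_domain):
        return None  # account from a domain the resource domain does not trust
    best = None
    for local_group, right in SHARE_ACL[share].items():
        for member in LOCAL_GROUPS.get(local_group, set()):
            # Direct membership, or membership through a nested global group.
            if member == user or user in GLOBAL_GROUPS.get(member, set()):
                if best is None or RANK[right] > RANK[best]:
                    best = right
    return best


if __name__ == "__main__":
    for u in (r"MASTERDOMAIN\alice", r"MASTERDOMAIN\bob",
              r"MASTERDOMAIN\root", r"DOMAIN2\carol"):
        print(u, "->", effective_access(u, r"\\DOMAIN1_PDC\sales"))
```
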