nt workstation in multiple domains
Bill Brandt
brandtwr-samba at draaw.net
Sat May 27 20:51:19 GMT 2000
>Hi,
>is it possible to have two different samba servers on separate domains
>and have an nt workstation be a member of both.
>so a user is presented with a login screen and chooses which domain to
>login to and they, if authenticated, get the services from that samba
>server and other services from another?
>so I guess the question is more about Nt than samba but is this possible
>and is anyone doing it?
Two answers:
1. No it's not possible. Simply put a workstation can only be in one domain.
2. Now, a workstation does not even need to be in the domain to have access to
resources. It only needs to get a login token with that domain. 95/98 don't
allow you to connect to another domain unless the userids are sync'd (because if
you try it will prompt for a password but not ask for a userid). Now with NTWS
you can do the following:
* login to the workstation or one of the domains (if your not physically at that
site though, it will say it can't find a domain controller).
* NTWS will cache that userid/passwd combo. If you try to connect to a PDC or
BDC, it will use those credentials with your domain first. The PDC or BDC will
say, sorry I don't know you. Your workstation then says, try
userid/passwd/yourdomain to the domain controller. If that userid and password
is sync'd it will login without asking. Otherwise, it will prompt you.
* If it prompts you, you can type:
Connect as: domain\user
Password: password
* If the server you are connecting to first is a resource server, it's a bit
more complex because the failure will cause you machine to say, try
userid/passwd/yourserveraccountlist. Unless you have a machine account on that
resource server it will fail and prompt you. In that case, just do as above.
Once you've entered the password once there, it will work.
I prefer on a workstation to copy the local Administrator's account to a an
account named after my domain accounts, keep all the domain accounts the same
userid. I log in as my copy of the local Admin account. This means I don't get
a no domain server message and then as long as I hit a domain controller first
before any resource servers, I'm okay. If not, I just have to deal with the
dialog box once.
Bill
More information about the samba-ntdom
mailing list