[PATCH] sam backend parameter

Andrew Bartlett abartlet at samba.org
Thu Oct 3 05:37:00 GMT 2002

Simo Sorce wrote:
> Multi domain DC is never going to happen in samba, it just doesn't make
> sense, as the protocols used (eg. SMB) will not be able to support such
> thing, so please let's stop to talk about multi-DC samba.

I'm not so sure on this one.

Some parts of the protocol might need to be told 'if not specified, use
this', but I'm not sure the statement holds across everything.

For example, I don't see any reason why we can't 'pretend' that any
secondary domain is a 'trusted domain'.  This would allow (for example)
a resource DC, which has each machine in it, but no users, and an
organizational DC to coexist nicely.  (This is quite a common setup,

The advantage is that this one installation could have the
'organizational' users in replicated LDAP, so it would not need to make
external connections for authentication.

For the rare cases where clients contact the trusted domain directly, we
could have either a separate Samba on another IP, or they could contact
the remote DC directly.

I see this as a powerful way to push Samba into places that it currently
can't go, and I would like a chance to explore it.

Andrew Bartlett
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba-technical mailing list