error with configuring subdomain

Sergey Leschenko ser at
Mon Oct 8 08:24:59 MDT 2012

Am I correct to understand that now more Samba4 no external backends LDAP?
May have any tips to build a structure that I have described?
Two main reasons for this:
- Management structure from a single point (external means, not through 
the AD utilities)
- The possibility of a single point of a list of all users of the 
structure (such as the address book)

04.10.2012 10:51, Andrew Bartlett wrote:
> On Thu, 2012-10-04 at 10:41 +0300, Sergey Leschenko wrote:
>> 04.10.2012 10:34, Andrew Bartlett wrote:
>>> On Thu, 2012-10-04 at 10:21 +0300, Sergey Leschenko wrote:
>>>> Hello, I want to get the configuration of the central tree, the branches
>>>> of which are replicated in the Multi-master mode with his subordinates
>>>> DCs and back. For example:
>>>> There is a central dc.domain.local, which is the main DCs for the
>>>> company (realm DOMAIN.LOCAL).
>>>> There dc.kiev.domain.local (realm KIEV.DOMAIN.LOCAL),
>>>> dc.lviv.domain.local (realm LVIV.DOMAIN.LOCAL), which are the DCs for
>>>> its branches.
>>>> I want that when changes are made to kiev.domain.local, so they
>>>> replicated to DN: dc=kiev,dc=domain,dc=local on the main DC dc.domain.local.
>>>> I thought that this should be used:
>>>> samba-tool domain join domain.local SUBDOMAIN -Uadministrator
>>>> -realm=DOMAIN.LOCAL -parent-domain=domain.local
>>>> Say configuration I want to get possible?
>>> No, it isn't.  This work was started just over a year ago, but it was
>>> never finished.
>>> Sorry,
>>> Andrew Bartlett
>> Are there any prospects for this functionality? Where can I view the
>> status of this development?
> No, there is no prospect of any change at this point.  Development of
> new AD features stalled out this time last year, and since then I've
> been focussed on the changes required to bring the AD server to the 4.0
> release (specifically the file server integration has taken a lot of
> time).
> As new developers take an interest or old developers find the resources
> to work on this again I'll be happy to brief them on the status.
> The first task will be to finish the implementation in 'make test', and
> to the look into if we need to restructure our code to have a common
> winbindd.
> Inter-domain trusts may require significant changes there to cope with
> NTLMSSP logins, but When using only krb5 some functionality may be
> available before that is done.
> The specific error you see may be easily worked around - it seems like
> simply trying to join a DC using the same name already in use - but
> other challenges are much bigger.
> Andrew Bartlett

More information about the samba-technical mailing list