[Samba] Multiple server theory

Craig White craigwhite at azapple.com
Fri Dec 19 05:00:55 GMT 2003

On Thu, 2003-12-18 at 13:45, Craig White wrote:
> 3 computers...
> - WinNT4 - presently PDC-soon BDC - some file serving - print serving -
> AV server
> - Linux 1 - presently joined to domain - slave DNS/LDAP - primary file
> server - primary SMB HOME/PROFILES and SHARES
> - Linux 2 - presently BDC-soon PDC - web & mail server - master DNS/LDAP
> - DHCP server
> Should I be running winbind on Linux 1?
> Does Samba 3.0.0 with LDAP obviate the need to fix signorseal registry
> on WinXP Prof clients? How about if I get kerberos working? 
> Thanks,
replying to my own post - I have now read the excellent documentation
and found out most of these answers which gives me perhaps simpler

1 - Group (Linux) - Groups (Windows) seems to confusing to me so I
mapped Groups to Group in the smbldap-tools and the nss/ldap.conf so I
would only have one group called Group. This seems reasonable to me - is
there a problem with that thinking?

2 - Now I know, I can't have WinNT PDC or BDC and thus have 3 choices...
 a) create a new domain and set up a trust between the two - still
leaves me without a BDC for original domain.
 b) reformat/reinstall WinNT on current PDC and make it a server on
Linux managed domain
 c) turn off logon services (never done this on NT domain controller but
presume that it can be somewhat disabled) - anyone done anything down
this path?

3 - If I make a new domain and set up trusts between old domain and new
domain - do I have to then add the group Groups to get continuity
(proper mapping) between the two domains?

4 - I can't discern the significance of having the local users with
uid's 500+ and sambaSamAccount/uid's 1000+ and I'm thinking that this
convention came into being only to make it simpler to identify. Am I
missing something? It would seem that a uid in any range could have
objectclasses with sambaSamAccount and/or posixAccounts 



More information about the samba mailing list