[Samba] Samba 3.0.0 & LDAP: multiple domains logon

[Gerald (Jerry) Carter]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

werner maes wrote:
| At 10:44 1/10/2003, Gerald (Jerry) Carter wrote:
|
|> -----BEGIN PGP SIGNED MESSAGE-----
|> Hash: SHA1
|>
|> werner maes wrote:
|> |
|> |     Hello,
|> |
|> | If you use samba 3.0.0 with LDAP authentication, samba uses an ldap
|> | attribute "sambaSID" in which the domain SID is stored. When somebody
|> | does a domain logon (2000/XP) this attribute is checked. But suppose I
|> | would like to login to another domain? Can I define multiples
|> sambaSID's
|> | or is this attribute unique? If it's unique, how can I login to
|> multiple
|> | domains?
|>
|> You can't.  This was one of the drawbacks of moving to SID's
|> as opposed to RID's.  However, you can setup truated Samba
|> domains thus grouping users but still being able to logon to
|> clients in other domains.
|
|
| What do you mean by "truated Samba domains"?
| Could you explain some more?

Arghh...my typing skills strike again.

I mean to say "trusted" samba domains.  In other
words, setup different Samba domains for groups of
users (students, accounting, sales, etc...)  and then
establish trust relationships between the DC's.

Or you can setup a single domain with multiple Samba
BDC's.





cheers, jerry
~ ----------------------------------------------------------------------
~ Hewlett-Packard            ------------------------- http://www.hp.com
~ SAMBA Team                 ---------------------- http://www.samba.org
~ GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
~ "You can never go home again, Oatman, but I guess you can shop there."
~                            --John Cusack - "Grosse Point Blank" (1997)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/evrgIR7qMdg1EfYRAq/KAKDzFrKAw2dpwkwPQthvEaYVl8ulyQCg1yKB
0D+jflDSaDvZNPghpbvbeNY=
=GIYr
-----END PGP SIGNATURE-----