[Samba] Samba + LDAP + multiple Domains
Andrew Bartlett
abartlet at samba.org
Tue Sep 16 14:11:40 GMT 2003
On Tue, 2003-09-16 at 23:48, Markus Schabel wrote:
> Hello!
>
> Running the new Samba 3.0 with all users in an LDAP directory with the
> new objectClass sambaSamAccount there seems to be a problem with
> multiple domains.
>
> I have some users that are in more than one domain. Previously this was
> no problem, because all domains had access to the same LDAP user account
> and allowed users are controlled with specific filters.
>
> Now the sambaSID contains the domainSID which is different for each
> domain, so that it is not possible to use the same account for more than
> one domain.
>
> How do you solve this? Are trust relationships that mature that they can
> solve this?
Trust relationships are the correct way to deal with this. Any one user
should only have one SID - anything else leads to mayhem at one point or
another.
Or you could just use the 2.2 schema...
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20030916/9def1bed/attachment.bin
More information about the samba
mailing list