[Samba] Samba + LDAP + multiple Domains

Andrew Bartlett abartlet at samba.org
Tue Sep 16 14:11:40 GMT 2003


On Tue, 2003-09-16 at 23:48, Markus Schabel wrote:
> Hello!
> 
> Running the new Samba 3.0 with all users in an LDAP directory with the
> new objectClass sambaSamAccount there seems to be a problem with
> multiple domains.
> 
> I have some users that are in more than one domain. Previously this was
> no problem, because all domains had access to the same LDAP user account
> and allowed users are controlled with specific filters.
> 
> Now the sambaSID contains the domainSID which is different for each
> domain, so that it is not possible to use the same account for more than
> one domain.
> 
> How do you solve this? Are trust relationships that mature that they can
> solve this?

Trust relationships are the correct way to deal with this.  Any one user
should only have one SID - anything else leads to mayhem at one point or
another.

Or you could just use the 2.2 schema...

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
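
Added example (not part of the original message and not Samba code): a Python check over an LDIF export that splits each sambaSID into its domain SID and RID and reports any uid that carries more than one SID, the situation the reply above warns against. The LDIF entries, DNs and SID values are constructed for illustration, and the parser assumes plain "attr: value" lines (no base64 or folded values).

```python
from collections import defaultdict

# Constructed sample LDIF: "alice" was given one sambaSamAccount entry per domain.
SAMPLE_LDIF = """\
dn: uid=alice,ou=domA,dc=example,dc=org
objectClass: sambaSamAccount
uid: alice
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000

dn: uid=alice,ou=domB,dc=example,dc=org
objectClass: sambaSamAccount
uid: alice
sambaSID: S-1-5-21-4444444444-5555555555-6666666666-3000

dn: uid=bob,ou=domA,dc=example,dc=org
objectClass: sambaSamAccount
uid: bob
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3002
"""

def split_sid(sid):
    """Return (domain_sid, rid); the RID is the last sub-authority of a user SID."""
    parts = sid.strip().split("-")
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"malformed SID: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])

def parse_entries(ldif):
    """Yield one attribute dict per blank-line-separated LDIF entry."""
    for block in ldif.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            name, sep, value = line.partition(": ")
            if sep and not line.startswith("#"):
                entry[name.lower()].append(value.strip())  # attribute names are case-insensitive
        yield entry

def users_with_multiple_sids(ldif):
    """Map uid -> sorted [(domain_sid, rid), ...] for uids holding more than one SID."""
    sids = defaultdict(set)
    for e in parse_entries(ldif):
        if "sambasamaccount" in {c.lower() for c in e["objectclass"]}:
            for uid in e["uid"]:
                sids[uid].update(split_sid(s) for s in e["sambasid"])
    return {u: sorted(s) for u, s in sids.items() if len(s) > 1}

if __name__ == "__main__":
    for uid, found in users_with_multiple_sids(SAMPLE_LDIF).items():
        print(uid, found)
```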