[Samba] Samba + LDAP + multiple Domains

Andrew Bartlett abartlet at samba.org
Tue Sep 16 14:11:40 GMT 2003

On Tue, 2003-09-16 at 23:48, Markus Schabel wrote:
> Hello!
> Running the new Samba 3.0 with all users in an LDAP directory with the
> new objectClass sambaSamAccount there seems to be a problem with
> multiple domains.
> I have some users that are in more than one domain. Previously this was
> no problem, because all domains had access to the same LDAP user account
> and allowed users are controlled with specific filters.
> Now the sambaSID contains the domainSID which is different for each
> domain, so that it is not possible to use the same account for more than
> one domain.
> How do you solve this? Are trust relationships that mature that they can
> solve this?

Trust relationships are the correct way to deal with this.  Any one user
should only have one SID - anything else leads to mayhem at one point or

Or you could just use the 2.2 schema...

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20030916/9def1bed/attachment.bin

More information about the samba mailing list