[Samba] 4 samba domains/one ldap backend/2 methods/which to use?
Andrew Bartlett
abartlet at samba.org
Tue Feb 3 09:14:29 GMT 2004
On Tue, 2004-02-03 at 09:44, Barry Smoke wrote:
> in both methods tried, we can't successfully add xp machines to the
> domain at the remote locations
> main samba is on our main campus, behind a 10.10 internal lan
> remote samba's are on remote campuses, behind a 10.xx network
> 10.11
> 10.12
>
> all connected with our internal lan via VPN
> ######################################################################
> Method 1) ALL PDC's, using same ldap database (thus inherent problems,
> all users have SID's generated with primary domain's SID)
You cannot share users between domains. If the user is in one domain,
it *must not* be visible to the other domains; you must use a separate
ldap suffix.
> #######################################################################
> Method 2) believing method 1 had something to do with an SID problem,
> we proceeded to set up the remote locations as BDC's
>
> a) set up master ldap server, and samba server on same machine,
> b) set up replica's and referrals back to master
> c) set up remote servers as BDC's using same SID
> d) set up SID in smbldaptools to be the same
>
> results:
> samba added the xp machines to the domain, but we could not log in upon
> reboot.
Check your replication, and use Samba 3.0.1, with the 'ldap replication
sleep' parameter. This allows you to make the system wait until the
slave LDAP server has caught up.
> questions:
> on method1 above, we have some users that get special shares based upon
> the %m, meaning the domain they put to log in box.
%m is the machine name they log in from.
> This works on the pdc, but we can't get it to work on a BDC. (Why don't
> domain aliases work on a BDC?)
I'm not sure what you mean here.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
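
An illustrative smb.conf sketch of the two layouts discussed in this thread, added here as an example and not part of the original messages. All workgroup names, host names, suffixes and the sleep value are constructed assumptions; each `[global]` section belongs to a different server's smb.conf.

```ini
# --- Layout A: independent domains, one PDC per campus -------------------
# Each domain keeps its accounts under its own LDAP suffix, so no user or
# machine entry of one domain is visible to another.

# smb.conf on the main-campus PDC (constructed names)
[global]
    workgroup      = MAINCAMPUS
    domain logons  = yes
    domain master  = yes
    passdb backend = ldapsam:ldap://ldap-main.example.internal
    ldap suffix    = dc=maincampus,dc=example,dc=internal
    ldap admin dn  = cn=samba,dc=maincampus,dc=example,dc=internal

# smb.conf on a remote-campus PDC (constructed names)
[global]
    workgroup      = CAMPUS11
    domain logons  = yes
    domain master  = yes
    passdb backend = ldapsam:ldap://ldap-main.example.internal
    # Different suffix from MAINCAMPUS: the two domains share a server,
    # not a user tree.
    ldap suffix    = dc=campus11,dc=example,dc=internal
    ldap admin dn  = cn=samba,dc=campus11,dc=example,dc=internal

# --- Layout B: one domain, PDC on the main campus, BDCs at remote sites --
# The BDC uses the same domain SID and the same suffix as the PDC, and
# reads from a local replica that refers writes back to the master.

# smb.conf on a remote-campus BDC (constructed names)
[global]
    workgroup      = MAINCAMPUS
    domain logons  = yes
    domain master  = no
    passdb backend = ldapsam:ldap://ldap-replica11.example.internal
    ldap suffix    = dc=maincampus,dc=example,dc=internal
    ldap admin dn  = cn=samba,dc=maincampus,dc=example,dc=internal
    # After a write has been referred to the master (for example a newly
    # joined machine account), wait this many milliseconds before reading
    # from the replica so it has time to catch up. 2000 is an assumed
    # value; tune it to the replication delay observed over the VPN.
    ldap replication sleep = 2000
```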