[Samba] 4 samba domains/one ldap backend/2 methods/which to use?

Andrew Bartlett abartlet at samba.org
Tue Feb 3 09:14:29 GMT 2004


On Tue, 2004-02-03 at 09:44, Barry Smoke wrote:
> in both methods tried, we can't successfully add xp machines to the 
> domain at the remote locations
> main samba is on our main campus, behind a 10.10 internal lan
> remote samba's are on remote campuses, behind a 10.xx network
> 10.11
> 10.12
> 
> all connected with our internal lan via VPN
> ######################################################################
> Method 1) ALL PDC's, using same ldap database (thus inherent problems, 
> all users have SID's generated with primary domain's SID)

You cannot share users between domains.  If the user is in one domain,
it *must not* be visible to the other domains; you must use a separate
ldap suffix.

> #######################################################################
> Method 2) believing method 1 had something to do with an SID problem,
> we proceeded to set up the remote locations as BDC's
> 
> a)set up master ldap server, and samba server on same machine,
> b) set up replica's and referrals back to master
> c) set up remote servers as BDC's using same SID
> d)set up SID in smbldaptools to be the same
> 
> results:
> samba added the xp machines to the domain, but we could not log in upon 
> reboot.

Check your replication, and use Samba 3.0.1, with the 'ldap replication
sleep' parameter.  This allows you to make the system wait until the
slave LDAP server has caught up.

> questions:
> on method1 above, we have some users that get special shares based upon 
> the %m, meaning the domain they put to log in box.

%m is the machine name they login from.

> This works on the pdc, but we can't get it to work on a BDC.(Why don't 
> domain aliases work on a BDC?)

I'm not sure what you mean here.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
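
The two points in this reply (a separate LDAP suffix per domain, and 'ldap replication sleep' on a BDC that reads from a replica), as an added smb.conf sketch that is not part of the original message. The workgroup names, host names, suffixes and the 2000 ms value are constructed placeholders, not values from the thread.

```ini
# --- Case 1: independent domains (each campus runs its own PDC) ---
# Each domain gets its own subtree, so accounts from one domain are
# never visible to the Samba servers of another.
[global]
    workgroup        = CAMPUS11                      ; constructed name
    domain logons    = yes
    domain master    = yes
    passdb backend   = ldapsam:ldap://ldap.campus11.example.org
    ldap suffix      = dc=campus11,dc=example,dc=org ; NOT shared with other domains
    ldap admin dn    = cn=samba,dc=campus11,dc=example,dc=org

# --- Case 2: one domain, remote campus runs a BDC against a replica ---
# The BDC reads from the local read-only replica; writes (for example a
# machine account created during a domain join) are referred to the
# master and replicate back over the VPN.
[global]
    workgroup        = MAINCAMPUS                    ; same domain as the PDC
    domain logons    = yes
    domain master    = no
    passdb backend   = ldapsam:ldap://replica.campus11.example.org
    ldap suffix      = dc=main,dc=example,dc=org     ; same suffix as the PDC
    ldap admin dn    = cn=samba,dc=main,dc=example,dc=org
    ; Wait after a referred write so the replica can catch up.
    ; Value is in milliseconds (default 1000, maximum 5000). Samba does
    ; not verify that replication actually completed.
    ldap replication sleep = 2000
```

Because the sleep is a fixed delay rather than a confirmation, replication lag over the VPN still needs to be measured and monitored on the LDAP side.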