[Samba] Different domains

Jonathan Johnson jon at sutinen.com
Mon Jun 14 21:25:50 GMT 2004


On Mon, 14 Jun 2004 moof48 at temple.edu wrote:

> Can users/computers be part of different Domains?  I've
> noticed that the user/computer needs that DC SID in it.  I
> would like for users/computers to be part of different
> Domains at any given time.  Is this possible, and how, within
> the same LDAP entry?

I'm certain I'll be corrected if I'm wrong, but a workstation can have
an account in only one domain. A user can be listed in multiple
domains, but then you have the issue of password synchronization: the
user can change their password on the domain that their workstation has
an account on, but this will not propagate to the other domain.

If the user 'fred' has an account in DOMAIN02 but not in DOMAIN01, fred
cannot log into a workstation that has been joined to DOMAIN01.

You may want to investigate domain trusts. This allows workstations and
users from one domain access to resources on another domain with a
minimum of fuss once it's configured.

Note that if you are dealing with domains of different versions (i.e.,
DOMAIN01 is Windows NT PDC/BDC and DOMAIN02 is Windows 2003 ADS), then the
higher-version domain MUST NOT be configured in native mode, but in a
compatibility mode.

If one domain is a Small Business Server domain, you can forget about
it; Microsoft has made it impossible. THAT BEING SAID, I have a
customer who has two domains: their workstations are in an NT-style
domain (Small Business Server) and their terminal server is in a
Windows 2003 ADS domain. Because they have the same user name and
password in both domains, they can access resources in either domain
from either domain. Because one is SBS, I cannot set up a domain trust.

Note that Windows 9x/Me doesn't truly reside in a domain (since it does
not participate in domain security); at logon, a user can specify any
domain they wish.

I realize that this does not address Samba specifically, but I believe
it still applies.

--Jonathan Johnson
webmoth at webmoth.com
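
Added example, not part of the original thread: a small audit over Samba LDAP account entries that splits each `sambaSID` into its domain SID and RID, then reports names that exist under more than one domain SID, which is the duplicate-account and password-drift situation described in the reply above. The entries and SID values are constructed sample data; `sambaSID` and `sambaPwdLastSet` are attribute names from Samba's LDAP schema, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample entries (not from the thread). Names ending in "$"
# are machine accounts; the two SID prefixes stand for DOMAIN01 and DOMAIN02.
D1 = "S-1-5-21-1111111111-2222222222-3333333333"
D2 = "S-1-5-21-4444444444-5555555555-6666666666"
SAMPLE_ENTRIES = [
    {"uid": "fred", "sambaSID": D1 + "-1001", "sambaPwdLastSet": 1087200000},
    {"uid": "fred", "sambaSID": D2 + "-1001", "sambaPwdLastSet": 1080000000},
    {"uid": "ws01$", "sambaSID": D1 + "-1005", "sambaPwdLastSet": 1087000000},
    {"uid": "alice", "sambaSID": D2 + "-1002", "sambaPwdLastSet": 1086000000},
]


def split_sid(sid):
    """Split a domain account SID into (domain SID, RID)."""
    parts = sid.split("-")
    # A domain account SID has the form S-1-5-21-<a>-<b>-<c>-<rid>.
    if (len(parts) != 8 or parts[:4] != ["S", "1", "5", "21"]
            or not all(p.isdigit() for p in parts[4:])):
        raise ValueError(f"not a domain account SID: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])


def audit(entries):
    """Return {uid: finding} for names present under several domain SIDs."""
    by_uid = defaultdict(list)
    for entry in entries:
        domain_sid, _rid = split_sid(entry["sambaSID"])
        by_uid[entry["uid"]].append((domain_sid, entry["sambaPwdLastSet"]))

    report = {}
    for uid, accounts in by_uid.items():
        if len({domain for domain, _ in accounts}) < 2:
            continue  # account exists in a single domain only
        if uid.endswith("$"):
            report[uid] = "machine account in more than one domain"
        elif len({changed for _, changed in accounts}) > 1:
            report[uid] = "password change times differ between domains"
        else:
            report[uid] = "duplicate user, password change times match"
    return report


if __name__ == "__main__":
    for uid, finding in sorted(audit(SAMPLE_ENTRIES).items()):
        print(f"{uid}: {finding}")
```
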


