[Samba] two subnets, one domain, several DCs?
Paul Gienger
pgienger at ae-solutions.com
Fri Mar 12 23:16:35 GMT 2004

The situation I've got is that I want to make one domain, and then use
it on several different subnets. I have 3 subnets, 10.1.x.x, 10.2 and
10.3, all physically remote, but connected by a FreeS/WAN tunnel that is
working just fine. We also have working LDAP logins and all that is
fine. I have gotten as far as getting my domain going on LDAP within
one subnet, but now I'm trying to add the second one.

I've got a second box on the remote subnet that can get connected to
ldap, and authenticate users just fine, i.e. I can browse to it from
wherever I need to come from, off of a machine that is connected to the
server on subnet 1. The problem arises when I try to join the domain
from the second subnet. I am entirely unclear on what configuration I
need on the second box to make the domain join work. I tried once with
the same smb.conf from the first machine, at which point I could get
joined just fine, but could not log in. Now I have machine 2 in more of
a non-master setup, basically just a domain master = no, and I can't get
joined at all. The smb.conf of the 'master' is attached to the end of
this post.

I've seen in the archives several people claiming that this is possible,
but never giving any direction as to what to try. I also remember
seeing something about using separate domains, but then sharing the LDAP
data storage. Would this be done by just changing the SID of all the
domains to match? Which of the two is a more reliable solution? I'd
lean toward the former, but I'm open to suggestions.

[global]
workgroup = AE3
server string =
passdb backend = ldapsam:ldap://ldap1.fargo.ae-solutions.com
pam password change = Yes
log level = 2
log file = /var/log/samba/log.%m
max log size = 50
add group script = /usr/local/sbin/smbldap-groupadd -p
add user to group script = /usr/local/sbin/smbldap-groupmod -m
delete user from group script = /usr/local/sbin/smbldap-groupmod -x
set primary group script = /usr/local/sbin/smbldap-usermod -g
add machine script = /usr/local/sbin/smbldap-useradd -w
logon script = logon.cmd
logon path = \\fgoserv\profiles\%U
logon drive = H:
logon home = \\fgoserv\%U
domain logons = Yes
dns proxy = No
wins support = Yes
ldap suffix = dc=ae-solutions,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap admin dn = cn=Manager,dc=ae-solutions,dc=com
ldap ssl = no
ldap passwd sync = Yes
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. Cell: 701-306-6254
Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto:pgienger at ae-solutions.com