[Samba] PDC for Multiple Domains from a Single Samba Box
Brian Palmer
bpalmer at elmco.com
Tue Oct 18 18:00:46 GMT 2005
I've struggled with this for a couple of weeks, and have looked at countless
posts and at the Samba documentation collection with no real solution.

I'm setting up a lab that needs to have multiple domains (for machine / user
segregation politics) for around 40 Windows XP Professional machines. I have
a single Linux server running Suse 9.2. I would like for this server to be
able to act as the PDC for N domains. I am using ldap as the password/
account back end running on the same box. I'm also running dhcpd and DNS on
this box.

I followed the Samba-How-To to set up 'MEGANET2' and have several of the
Windows boxes participating in that domain with what appears to be success
(thanks to the writer). I then, based on what I could find doing Google
searches, created an additional ip address (alias) and an additional smb.conf
file specifying to bind to the aliased ip address. I modified the
samba3.schema file to remove the single-value flag from the sambaSID
attribute and added additional sambaSIDs for the new domain for all of the
accounts housed in the ldap tree. I also added an additional sambaDomain
entry for the new domain.

I started another smbd and nmbd process using the new smb.conf file. My
server now has two each smbd and nmbd processes (each using the different
smb.conf files).

I can join the new domain from an XP box (using the same administrator account
as with the other domain), however, when I reboot (as required when a domain
is joined), none of my user names or passwords work at the logon window (even
though I pick the new domain from the drop down box). I get various messages
ranging from domain not found to user name or password is incorrect.

I've seen a couple of posts that say this topic was discussed in detail on the
list during 2001, but I cannot find the posts.

1. Am I trying something that just won't work?
2. Does a PDC have to belong to the domain? (I cannot get net -w 'newdomain'
rpc join -U Administrator%passwd to work for the new domain)
3. Has anyone got a configuration like this working?
4. Do I need to be running two nmbds?
5. What about winbindd?

Any help would be greatly appreciated.

Thanks,
Brian Palmer
e-mail: palmer at westar.com
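
A check one could run over the two smb.conf files in a two-instance layout like the one described above (added example, not part of the original post): it flags per-instance settings that two smbd/nmbd pairs on one host would end up sharing, such as `private dir`, which holds each instance's secrets.tdb with the domain SID and machine secrets. The file contents, NetBIOS names, addresses and paths are constructed placeholders.

```python
# Per-instance settings; unset in both files means the same built-in default.
MUST_DIFFER = ("workgroup", "netbios name", "interfaces",
               "private dir", "lock directory", "pid directory")

def global_section(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def collisions(conf_a, conf_b):
    """List (parameter, reason) pairs where two instances would overlap.
    Values are compared case-insensitively, which is conservative for paths."""
    a, b = global_section(conf_a), global_section(conf_b)
    found = []
    for key in MUST_DIFFER:
        va, vb = a.get(key), b.get(key)
        if va is None and vb is None:
            found.append((key, "unset in both, same built-in default"))
        elif None not in (va, vb) and va.lower() == vb.lower():
            found.append((key, "both set to " + va))
    for label, conf in (("first", a), ("second", b)):
        if conf.get("bind interfaces only", "no").lower() not in ("yes", "true", "1"):
            found.append(("bind interfaces only", "not enabled in " + label + " file"))
    return found

# Constructed sample files (names, addresses and paths are placeholders).
CONF_MEGANET2 = """[global]
    workgroup = MEGANET2
    netbios name = PDC1
    interfaces = 192.0.2.10/24
    bind interfaces only = yes
"""
CONF_NEWDOMAIN = """[global]
    workgroup = NEWDOMAIN
    netbios name = PDC2
    interfaces = 192.0.2.11/24
    bind interfaces only = yes
    pid directory = /var/run/samba-newdomain
"""

if __name__ == "__main__":
    print(collisions(CONF_MEGANET2, CONF_NEWDOMAIN))
```

For the two sample files it reports `private dir` and `lock directory`, because neither file sets them and both instances would therefore use the same default paths.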