[Samba] Multiple domains served by a single LDAP tree

Matiu Carr m.carr at auckland.ac.nz
Tue Feb 28 12:54:04 GMT 2006


> My question, then, is do people here put together multiple 
> NT4/Samba
> domains using a single LDAP backend? I'm betting not. 
> Assuming that's
> the case, from Windows, how does one assign permissions 
> and whatnot?
> From a single large flatspace containing every user and 
> group? If not,
> how are they separated?

What you describe resembles a user domain + multiple 
resource domain NT/AD construction.
The local domains implement policy that "restricts" access 
to subsets of the total pool.
If all the domains trust the same user domain, permissions 
are straightforward, and interdomain trusts are not 
required.


    Mat at home
    --
    Matiu Carr   < m.carr at auckland.ac.nz>
    http://www.people.auckland.ac.nz/Mat/



More information about the samba mailing list