[Samba] Multiple domains served by a single LDAP tree

David B Harris dbharris at eelf.ddts.net
Tue Feb 28 14:40:33 GMT 2006


On Wed Mar 01, 01:54am +1300, Matiu Carr wrote:
> What you describe resembles a user domain + multiple 
> resource domain NT/AD construction.
> The local domains implement policy that "restricts" access 
> to subsets of the total pool.
> If all the domains trust the same user domain, permissions 
> are straightforward, and interdomain trusts are not 
> required.

True, and that's obviously an option. However, there are three things
I'm trying to accomplish:

    1) This network is being built from scratch, and I'm trying to do
       things in such a way that everything won't need to be rebuilt
       entirely a year or two down the line.
    2) We're a small but rapidly-growing group, and it won't be too long
       before we have one or more administratively separate domains.
       That means multiple authentication servers; I'm hoping there's a
       better way to do it in a Samba-exclusive environment than
       inter-domain trusts.
    3) My users will be much happier if they see "EXEC\TheBoss"
       and "DEVEL\LowLevelMonkey" as opposed to "EVERYBODY\TheBoss" and
       "EVERYBODY\LowLevelMonkey"

-- 
     Arguing with an engineer is like wrestling with a pig in mud.
	   After a while, you realise the pig is enjoying it.

		   OpenPGP v4 key ID: 4096R/59DDCB9F
    Fingerprint: CC53 F124 35C0 7BC2 58FE  7A3C 157D DFD9 59DD CB9F
		     Retrieve from subkeys.pgp.net

