[Samba] Multiple domains served by a single LDAP tree
David B Harris
dbharris at eelf.ddts.net
Tue Feb 28 14:40:33 GMT 2006
On Wed Mar 01, 01:54am +1300, Matiu Carr wrote:
> What you describe resembles a user domain + multiple
> resource domain NT/AD construction.
> The local domains implement policy that "restricts" access
> to subsets of the total pool.
> If all the domains trust the same user domain, permissions
> are straightforward, and interdomain trusts are not
> required.
True, and that's obviously an option. However, there are three things
I'm trying to accomplish:
1) This network is being built from scratch, and I'm trying to do
things in such a way that everything won't need to be rebuilt
entirely a year or two down the line.
2) We're a small but rapidly-growing group, and it won't be too long
before we have one or more administratively separate domains.
That means multiple authentication servers; I'm hoping there's a
better way to do it in a Samba-exclusive environment than
inter-domain trusts.
3) My users will be much happier if they see "EXEC\TheBoss" as
and "DEVEL\LowLevelMonkey" as opposed to "EVERYBODY\TheBoss" and
"EVERYBODY\LowLevelMonkey"
--
Arguing with an engineer is like wrestling with a pig in mud.
After a while, you realise the pig is enjoying it.
OpenPGP v4 key ID: 4096R/59DDCB9F
Fingerprint: CC53 F124 35C0 7BC2 58FE 7A3C 157D DFD9 59DD CB9F
Retrieve from subkeys.pgp.net
More information about the samba
mailing list