[Samba] Samba/LDAP Domains and multiple File Servers

[Craig White]

On Tue, 2006-03-21 at 09:26 -0500, Matt Ingram wrote:
> Hi All,
> 
> I have a domain setup soon to go into production.  We have 3 buildings, 
> each containing a fileserver for that buildings users (home drives/share 
> drives).   I've been using the smbldap-tools on the PDC, which is all 
> working fine.  Is it possible to join another server to the domain, also 
> using the smbldap-tools, with a different config, that will setup a 
> users home drive, etc on that server, or will a setup like this need to 
> be done manually?   I have a test BDC that I've been playing with trying 
> to do this, but if I do smbldap-useradd from the BDC the user can't get 
> logged on with an error message "A device attached to the system is not 
> functioning" on the windows client (the account does get setup in 
> ldap).  In the smbldap-tools config I used the SID of the BDC, which I'm 
> guessing might be my problem... should I change that to the SID of the PDC?
----
why fly by the seat of your pants on this when the documentation tells
you what you need to know?

see http://www.samba.org/samba/docs - the "By Example" where it
discusses PDC's and BDC's and how to manage them
----
> 
> Also, with a samba/ldap domains setup - how can I allow a user to have 
> shell access on one server on the domain, but not on the other servers 
> on the domain?  Can this be done through the domain/ldap, or in this 
> scenario will shell logons have to be managed locally on the individual 
> servers ?
----
I'm quite certain that is possible but I haven't done it. It is not a
samba question at all but working through your LDAP implementation as it
relates to the posix structures on each UNIX/Linux system that you offer
shell accounts and thus, well out of the scope of this list.

Craig