[Samba] Re: Samba-OpenLDAP and AD question..
abartlet at samba.org
Wed Nov 1 20:34:58 GMT 2006
On Wed, 2006-11-01 at 08:04 -0500, John Little wrote:
> Hi Andrew..
> > On Mon, 2006-10-30 at 13:14 -0800, John Little wrote:
> > > Hi all
> > >
> > > We have slowly been migrating our NT4 domain to Samba+OpenLDAP.
> > >Today I was told that we were going to to create an AD 'resource'
> > >domain, put all of the workstations in it and create a trust
> > >relationship between the two domains. In other words the users
> > >would be in the Samba+OpenLDAP domain and the workstations in the AD
> > >'resource' domain. If it matters we have about 1750 workstations
> > >with about 2000 users.
> > >
> > > Is this a reasonable model to follow or thing to do?
> > It depends on the reasons for creating the resource domain.
> > > If we do this what sort of pitfalls, if any, should I expect to encounter?
> > > Any ideas, opinions, knowledge of this are greatly appreciated.
> > It should work. In fact, I think I even tested it briefly at my site.
> > It will just be an interdomain trust as far as Samba and AD are
> > concerned.
> My concern is that currently the machines are joined to the NT4 domain (AD has
> not been implemented as of yet). We have users in the Samba domain
> accessing shares on Windows servers joined to the NT4 domain. Occasionally
> these users cannot access a share and get a message about the trust
> relationship not working. This does not occur when the workstation is
> joined to the Samba domain. The workstations are Win XP pro and Win2k. Note
> that I am not speaking of logon issues here, just of intermittent share
> access issues.
> Since we are a hospital patient safety and care is of utmost priority.
> Translated into IS terms doctors and nurses have to access information
> quickly and when they need it. Hence my concern about keeping the
> workstations on the NT4 or AD domain.
> Are the trust relationships more stable with AD or am I possible missing
> something in my setup that would cause the intermittent access issues?
I don't think the technology is fundamentally unstable. I had a setup
like this for I think a couple of years, with all users being in the
If there are issues, I would first chase them down 'as is'. I don't
think AD would be more or less stable, but clearly you must validate
anything you do to your complete satisfaction (presumably in a realistic
test lab environment) before deploying anything to safety critical
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20061102/bfb9c066/attachment.bin
More information about the samba