[Samba] Re: Samba-OpenLDAP and AD question..

John Little jslittl at hendricks.org
Wed Nov 1 13:04:26 GMT 2006

Hi Andrew..

> On Mon, 2006-10-30 at 13:14 -0800, John Little wrote:
> > Hi all
> >  
> > We have slowly been migrating our NT4 domain to Samba+OpenLDAP.  
> >Today I was told that we were going to to create an AD 'resource' 
> >domain, put all of the workstations in it and create a trust 
> >relationship between the two domains.  In other words the users 
> >would be in the Samba+OpenLDAP domain and the workstations in the AD
> >'resource' domain.  If it matters we have about 1750 workstations 
> >with about 2000 users.
> > 
> > Is this a reasonable model to follow or thing to do?
> It depends on the reasons for creating the resource domain.
> > If we do this what sort of pitfalls, if any, should I expect to encounter?
> > Any ideas, opinions, knowledge of this are greatly appreciated.
> It should work.  In fact, I think I even tested it briefly at my site.
> It will just be an interdomain trust as far as Samba and AD are
> concerned.

My concern is that currently the machines are joined to the NT4 domain (AD has 
not been implemented as of yet).   We have users in the Samba domain 
accessing shares on Windows servers joined to the NT4 domain.  Occasionally 
these users cannot access a share and get a message about the trust 
relationship not working.   This does not occur when the workstation is 
joined to the Samba domain.  The workstations are Win XP pro and Win2k.  Note 
that I am not speaking of logon issues here, just of intermittent share 
access issues.

Since we are a hospital patient safety and care is of utmost priority.  
Translated into IS terms doctors and nurses have to access information 
quickly and when they need it.  Hence my concern about keeping the 
workstations on the NT4 or AD domain.

Are the trust relationships more stable with AD or am I possible missing 
something in my setup that would cause the intermittent access issues?
> Andrew Bartlett

John Little

More information about the samba mailing list