[Samba] multiple domains and one PDC w/ ldap?
Adam Williams
awilliam at mdah.state.ms.us
Tue Nov 6 16:06:00 GMT 2007
Is it possible to have multiple domains and all of them authenticate to
one PDC running openldap?
Each building at work has a network segment, 10.8.1.x - 10.8.18.x, each
having their own samba server using smbpasswd and DOMAIN name. Like the
server arrowhead 10.8.9.2 has domain = HPADMIN in smb.conf, server
archives 10.8.8.2 has domain = OLDCAPITOL in smb.conf, roark 10.8.2.3
has domain = ADMIN in smb.conf.
I'd like to replace all of these smbpasswd backends with a single LDAP
server and am reading Samba 3 by Example. Would it be possible to have
each server keep its separate DOMAIN = configuration, but have them all
use the PDC of roark for authentication on its OpenLDAP configuration?
If all the servers must be changed to DOMAIN = ADMIN to work, that will
screw up everyone's registry permissions in their profile, since their
registry is owned by, for example, HPADMIN\username and then someone else
has OLDCAPITOL\username. But if I change everyone to
ADMIN\theirusername it will screw up their registry permissions for
HKEY_CURRENT_USER, but if I can have all the servers stay as is, but
just authenticate against the PDC or the LDAP database on it, I won't
have that problem. But can the servers join to the PDC even though they
are in different domains?