[Samba] multiple domains and one PDC w/ ldap?

Adam Williams awilliam at mdah.state.ms.us
Tue Nov 6 16:06:00 GMT 2007

Is it possible to have multiple domains and all of them authenticate to 
one PDC running openldap?

Each building at work has a network segment, 10.8.1.x - 10.8.18.x, each 
having their own samba server using smbpasswd and DOMAIN name.  Like the 
server arrowhead has domain = HPADMIN in smb.conf, server 
archives has domain = OLDCAPITOL in smb.conf, roark 
has domain = ADMIN in smb.conf.

I'd like to replace all of these smbpasswd backends with a single LDAP 
server and am reading Samba 3 by Example.  Would it be possible to have 
each server keep its separate DOMAIN = configuration, but have them all 
use the PDC of roark for authentication on its OpenLDAP configuration?  
If all the servers must be changed to DOMAIN = ADMIN to work, that will 
screw up everyone's registry permissions in their profile since their 
registry is owned by for example, HPADMIN\username and then someone else 
has OLDCAPITOL\username.  But if I change everyone to 
ADMIN\theirusername it will screw up their registry permissions for 
HKEY_CURRENT_USER, but if I can have all the servers stay as is, but 
just authenticate against the PDC or the LDAP database on it, I won't 
have that problem.  But can the servers join to the PDC even though they 
are in different domains?

