[Samba] multiple domains and one PDC w/ ldap?

samba at piven.org samba at piven.org
Tue Nov 6 22:58:02 GMT 2007


Adam Williams wrote:
> Is it possible to have multiple domains and all of them authenticate to 
> one PDC running openldap?
> 
> Each building at work has a network segment, 10.8.1.x - 10.8.18.x, each 
> having their own samba server using smbpasswd and DOMAIN name.  Like the 
> server arrowhead 10.8.9.2 has domain = HPADMIN in smb.conf, server 
> archives 10.8.8.2 has domain = OLDCAPITOL in smb.conf, roark 10.8.2.3 
> has domain = ADMIN in smb.conf.
> 
> I'd like to replace all of these smbpasswd backends with a single LDAP 
> server and am reading Samba 3 by Example.  Would it be possible to have 
> each server keep its separate DOMAIN = configuration, but have them all 
> use the PDC of roark for authentication on its OpenLDAP configuration?

You can't use a single PDC, but you can have all your individual PDCs 
use the same LDAP server as a backend -- you just reconfigure each of 
the existing domain controllers with its own base distinguished name 
within the LDAP server... e.g.:

	dc=hpadmin,dc=your,dc=domain
	dc=oldcapitol,dc=your,dc=domain
	dc=admin,dc=your,dc=domain

Migrating the accounts from the local smbpasswd to LDAP is left as an 
exercise for the sysadmin :-) but as long as you give each domain its 
own branch in your LDAP database, you should not run into problems.

Don Piven
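
The layout described in the reply above, written out as smb.conf fragments for two of the servers. This is an added example, not part of the original post. The LDAP host name ldap.your.domain, the per-domain bind DNs and the ou= names are assumptions, and the smb.conf parameter that carries the domain name is `workgroup`.

```ini
# ---- smb.conf on arrowhead (10.8.9.2), PDC for HPADMIN ----
[global]
    workgroup = HPADMIN
    netbios name = ARROWHEAD
    domain logons = yes
    domain master = yes

    # Shared directory server (hypothetical host name).
    passdb backend = ldapsam:ldap://ldap.your.domain
    # StartTLS keeps the bind password and password hashes off the wire in clear text.
    ldap ssl = start tls

    # This domain's own branch, as in the reply.
    ldap suffix = dc=hpadmin,dc=your,dc=domain
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers

    # Assumed: one bind DN per domain, so the directory's ACLs can limit
    # each PDC to writing inside its own branch only.
    # Its password is stored in secrets.tdb with "smbpasswd -w".
    ldap admin dn = cn=samba,dc=hpadmin,dc=your,dc=domain

# ---- smb.conf on archives (10.8.8.2), PDC for OLDCAPITOL ----
# Same settings; only the domain name, host name and branch differ.
[global]
    workgroup = OLDCAPITOL
    netbios name = ARCHIVES
    domain logons = yes
    domain master = yes

    passdb backend = ldapsam:ldap://ldap.your.domain
    ldap ssl = start tls

    ldap suffix = dc=oldcapitol,dc=your,dc=domain
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers

    ldap admin dn = cn=samba,dc=oldcapitol,dc=your,dc=domain
```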

