[Samba] Re: multiple domains and one PDC w/ ldap?

Orion Poplawski orion at cora.nwra.com
Mon Feb 25 22:21:18 GMT 2008

I'm not really interested in resolving user information on Unix from a 
Windows server.  I'm interested in having a single user entry in the 
LDAP database be able to log into multiple Windows domains.  It appears 
that the only way that this can be accomplished is via trusts?

Adam Williams wrote:
> i think you should be able to do that with winbind.  see figure 12.1 at 
> http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html#id367144 
> or page 232 here http://us1.samba.org/samba/docs/Samba3-HOWTO.pdf
> Orion Poplawski wrote:
>> Adam Williams wrote:
>>> What about just having a dc=ldap,dc=your,dc=domain with all the user 
>>> accounts in it, and then every samba PDC use passdb backend = 
>>> ldapsam:ldap://ldap.your.domain
>>> Basically I just want it so all the username/passwords are in a 
>>> central location so when a user does ctrl-alt-del and clicks change 
>>> password, it will change their windows logon password, their email 
>>> password, etc.
>> I'd like the same functionality too.  We're looking to implement a 
>> company wide LDAP user database but keep the individual office 
>> domains, but we'd like to have users be able to be members of multiple 
>> domains so that they can log in in the different offices.
>> I found an old post on the subject with a patch here:
>> http://lists.samba.org/archive/samba-technical/2003-December/033422.html
>> I updated it for more recent 3.0.2X here:
>> http://www.cora.nwra.com/~orion/fedora/samba-3.0.28-multidomain.patch
>> Seems to compile okay, but I have gotten to testing it yet.  Seems 
>> like it would a nice thing to be able to do though.  Any idea if 3.2 
>> or 4.0 will be able to do this in some way?

Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA/CoRA Division                    FAX: 303-415-9702
3380 Mitchell Lane                  orion at cora.nwra.com
Boulder, CO 80301              http://www.cora.nwra.com

More information about the samba mailing list