[Samba] security = user, multiple Sambas, shared LDAP

Adam Williams awilliam at mdah.state.ms.us
Wed Feb 27 03:47:05 GMT 2008

security = domain is for domain member servers, which are servers that 
are part of the domain but don't authenticate users, handle roaming 
profiles, etc.  basically you'd use them for print servers, or more file 

why don't you just have a PDC and use BDCs?  sure you can have a bunch 
of domains and PDCs, but if its all for the same company, just go with 
the PDC and then a BDC on each subnet.  PDCs and BDCs both use security 
= user

Daniel Pocock wrote:
> Consider the following scenario:
> - a single OpenLDAP server, with a single instance of the object class 
> sambaDomain and a single SID:
> dn: sambaDomainName=myserver,ou=samba,dc=example,dc=com
> objectClass: sambaDomain
> sambaDomainName: MYGROUP
> sambaSID: S-1-2-3
> - multiple Samba servers, each with the following configuration:
>   security = user
>   workgroup = MYGROUP
> Is this a valid configuration?  Or does the SMB protocol require the 
> domain security to be used (security = domain) when all servers share 
> a single LDAP backend?
> Regards,
> Daniel

More information about the samba mailing list