[Samba] security = user, multiple Sambas, shared LDAP
Daniel Pocock
daniel at pocock.com.au
Wed Feb 27 08:48:17 GMT 2008
Adam Williams wrote:
> security = domain is for domain member servers, which are servers that
> are part of the domain but don't authenticate users, handle roaming
> profiles, etc. basically you'd use them for print servers, or more
> file shares.
>
> why don't you just have a PDC and use BDCs? sure you can have a bunch
> of domains and PDCs, but if its all for the same company, just go with
> the PDC and then a BDC on each subnet. PDCs and BDCs both use
> security = user
There are two issues:
a) The workstations log on to another domain, managed by AD, and I don't
want to integrate Samba with that domain
b) I want each Samba server to be able to operate independently, but
give the users the convenience of a single password for all servers
I'm quite happy to create a Samba PDC, but if I can just make the Samba
servers operate as standalone servers using a common workgroup name, is
that more convenient to setup and more fault tolerant?
>
> Daniel Pocock wrote:
>>
>>
>>
>> Consider the following scenario:
>>
>> - a single OpenLDAP server, with a single instance of the object
>> class sambaDomain and a single SID:
>>
>> dn: sambaDomainName=myserver,ou=samba,dc=example,dc=com
>> objectClass: sambaDomain
>> sambaDomainName: MYGROUP
>> sambaSID: S-1-2-3
>>
>> - multiple Samba servers, each with the following configuration:
>>
>> security = user
>> workgroup = MYGROUP
>>
>> Is this a valid configuration? Or does the SMB protocol require the
>> domain security to be used (security = domain) when all servers share
>> a single LDAP backend?
>>
>> Regards,
>>
>> Daniel
>
More information about the samba
mailing list