[Samba] one ldap server and multiple samba PDC domains

Sven Buchstaller ask at quickline.de
Thu Oct 23 08:24:44 GMT 2008


The short answer is that it is a very bad practice to use and poor design to 
use a single DIT across multiple domains.  It is much smarter to design and 
implement a separate DIT per domain

Greets Sven

Am Donnerstag 23 Oktober 2008 02:45:46 schrieb Andrew Bartlett:
> On Mon, 2008-10-20 at 08:57 +0330, Mohammad Reza Hosseini wrote:
> > hello
> >
> > Is it possible to have multiple samba servers so multiple samba PDC
> > domains but just one ldap server ? (so users in ldap can login to
> > diffrent domains but we add them just one time)
> > if yes how?
>
> In short, don't.  A lot of folks have got themselves into a lot of
> trouble doing this, as it is not a tested or supported configuration.
>
> The only option is to ensure that each Samba domain cannot see the users
> of the other domain - the suffixes must be different.  But then why even
> share the LDAP server?
>
> I strongly suggest running a single domain for a single organisation,
> backed by a single LDAP server (or replicated set of LDAP servers).
>
> Andrew Bartlett




More information about the samba mailing list