[Samba] one ldap server and multiple samba PDC domains

Mohammad Reza Hosseini mrhosseini1367 at gmail.com
Sun Oct 26 04:51:23 GMT 2008


The problem is that we need different domains, but there are users that
should be able to log in to all domains, and there is also a public domain
which everybody could use to log in. So if we use multiple LDAP servers,
managing their properties, for example passwords, is difficult, since when a
user changes password, the password must be set in all LDAP servers.

2008/10/23 Andrew Bartlett <abartlet at samba.org>

> On Mon, 2008-10-20 at 08:57 +0330, Mohammad Reza Hosseini wrote:
> > Hello
> >
> > Is it possible to have multiple Samba servers, so multiple Samba PDC
> > domains, but just one LDAP server? (So users in LDAP can log in to
> > different domains, but we add them just one time.)
> > If yes, how?
>
> In short, don't.  A lot of folks have got themselves into a lot of
> trouble doing this, as it is not a tested or supported configuration.
>
> The only option is to ensure that each Samba domain cannot see the users
> of the other domain - the suffixes must be different.  But then why even
> share the LDAP server?
>
> I strongly suggest running a single domain for a single organisation,
> backed by a single LDAP server (or replicated set of LDAP servers).
>
> Andrew Bartlett
>
> --
> Andrew Bartlett
> http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Samba Developer, Red Hat Inc.
>
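
The suffix condition Andrew describes can be checked mechanically. The following is an added example, not part of the original thread and not Samba code: it reads the `workgroup` and `ldap suffix` parameters from several smb.conf texts and reports pairs of different domains where one suffix equals or contains the other. The sample configurations, the `example.com` tree and all function names are constructed for illustration, and the DN comparison assumes no escaped commas.

```python
import itertools

# Constructed sample [global] sections for three PDCs sharing one LDAP server.
SAMPLE = {
    "sales":  "[global]\n workgroup = SALES\n ldap suffix = ou=sales,dc=example,dc=com\n",
    "public": "[global]\n workgroup = PUBLIC\n ldap suffix = ou=public,dc=example,dc=com\n",
    "hq":     "[global]\n workgroup = HQ\n ; whole tree\n ldap suffix = dc=example, DC=com\n",
}

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names.
            params["".join(key.lower().split())] = value.strip()
    return params

def rdns(dn):
    """Split a DN into normalised RDNs (assumes no escaped commas)."""
    return ["=".join(s.strip().lower() for s in p.split("=", 1))
            for p in dn.split(",") if p.strip()]

def suffixes_overlap(a, b):
    """True if one suffix equals or is an ancestor of the other."""
    short, long_ = sorted((rdns(a), rdns(b)), key=len)
    return long_[len(long_) - len(short):] == short

def audit(configs):
    """Return pairs of distinct domains whose LDAP suffixes overlap."""
    parsed = {name: parse_global(text) for name, text in configs.items()}
    findings = []
    for (n1, p1), (n2, p2) in itertools.combinations(parsed.items(), 2):
        if p1.get("workgroup", "").lower() == p2.get("workgroup", "").lower():
            continue  # same domain (e.g. PDC and BDC) shares a suffix by design
        if suffixes_overlap(p1.get("ldapsuffix", ""), p2.get("ldapsuffix", "")):
            findings.append((n1, n2))
    return findings

if __name__ == "__main__":
    for a, b in audit(SAMPLE):
        print(f"{a} and {b}: overlapping ldap suffix, domains can see each other's users")
```

A missing `ldap suffix` is treated as the whole tree, so it is reported against every other domain.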

