[Samba] Multiple subnets, multiple domains and one LDAP
John H Terpstra
jht at samba.org
Wed Feb 4 18:30:51 GMT 2009
On Wednesday 04 February 2009 12:02:55 David Wells wrote:
> Hi all.
>
> I'm being asked to connect two networks, each having its own PDC
> and its own LDAP backend. I would like to know if it's possible to make
> both PDCs serve each a different domain with a single LDAP backend and
> having users from DOMAIN1 roaming to DOMAIN2 and vice versa.
>
> If it's of any use I have, in the past, set up a PDC+BDC
> configuration having replicating LDAP directories in two different
> locations (following the documentation of "The Official Samba 3.0.x
> HOWTO and Reference Guide" and "Samba-3 by Example") but I've been
> googling this one up and couldn't find any relevant information.
>
> Any help would be greatly appreciated. Thank you very much in advance.
> David Wells.
David,
It is certainly possible to have a shared LDAP server for two separate
domains, but please make certain that each domain has its own DIT.
For example, for domains DOM-A and DOM-B use in the one LDAP tree:
dc=doma,dc=example,dc=com
dc=domb,dc=example,dc=com
The sharing of users between two separate domains does not work. If users
from one domain need access into the resources of another domain that should
be done via trust relationships.
- John T.
--
John H Terpstra
"If at first you don't succeed, don't go sky-diving!"
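
Added example, not part of the original thread: a sketch of the [global] sections on the two PDCs when both use the one LDAP server but each stays inside its own subtree, as the reply describes. The host name ldap.example.com, the per-domain bind DNs and the ou= names are assumptions made for illustration.

```ini
# --- smb.conf on the PDC for DOM-A (constructed example) ---
[global]
    workgroup = DOM-A
    domain logons = yes
    domain master = yes
    # Assumed host name of the shared LDAP server
    passdb backend = ldapsam:ldap://ldap.example.com
    ldap ssl = start tls
    # This PDC only searches and writes under its own domain's subtree
    ldap suffix = dc=doma,dc=example,dc=com
    # Hypothetical bind DN used only by DOM-A; set its password with smbpasswd -w
    ldap admin dn = cn=samba-doma,dc=doma,dc=example,dc=com
    ldap user suffix = ou=Users
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap idmap suffix = ou=Idmap

# --- smb.conf on the PDC for DOM-B (constructed example) ---
[global]
    workgroup = DOM-B
    domain logons = yes
    domain master = yes
    # Same LDAP server, different subtree and different bind DN
    passdb backend = ldapsam:ldap://ldap.example.com
    ldap ssl = start tls
    ldap suffix = dc=domb,dc=example,dc=com
    ldap admin dn = cn=samba-domb,dc=domb,dc=example,dc=com
    ldap user suffix = ou=Users
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap idmap suffix = ou=Idmap
```

Giving each PDC its own bind DN lets the directory's access controls limit that DN to its own subtree, so a compromise of one PDC's stored LDAP password does not expose the other domain's account and password-hash attributes.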