[Samba] Multiple subnets, multiple domains and one LDAP

John H Terpstra jht at samba.org
Wed Feb 4 18:30:51 GMT 2009

On Wednesday 04 February 2009 12:02:55 David Wells wrote:
> Hi all.
>     I'm being asked to connect two networks, each having its own PDC
> and its own LDAP backend. I would like to know if it's possible to make
> both PDCs serve each a different domain with a single LDAP backend and
> having users from DOMAIN1 roaming to DOMAIN2 and vice versa.
>     If it's of any use I have, in the past, set up a PDC+BDC
> configuration having replicating LDAP directories in two different
> locations (following the documentation of "The Official Samba 3.0.x
> HOWTO and Reference Guide" and "Samba-3 by Example") but I've been
> googling this one up and couldn't find any relevant information.
>     Any help would be greatly appreciated. Thank you very much in advance.
>     David Wells.


It is certainly possible to have a shared LDAP server for two separate 
domains, but please make certain that each domain has its own DIT. 

For example, for domains DOM-A and DOM-B use in the one LDAP tree:

The sharing of users between two separate domains does not work.  If users 
from one domain need access into the resources of another domain that should 
be done via trust relationships.

- John T.
John H Terpstra

"If at first you don't succeed, don't go sky-diving!"
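
Added example, not part of the original message or of Samba itself: a small check that two PDC configurations pointing at one LDAP server really keep separate subtrees and separate domain names, as the reply above advises. It assumes "its own DIT" means non-overlapping `ldap suffix` values; the host name, suffixes and smb.conf text are constructed samples.

```python
# Added example: sample smb.conf text below is constructed, not from the thread.
CONF_DOM_A = """
[global]
workgroup = DOM-A
passdb backend = ldapsam:ldap://ldap.example.org
ldap suffix = dc=dom-a,dc=example,dc=org
"""
CONF_DOM_B = CONF_DOM_A.replace("DOM-A", "DOM-B").replace("dc=dom-a", "dc=dom-b")
# Misconfiguration: second domain pointed at the first domain's subtree.
CONF_DOM_B_SHARED = CONF_DOM_A.replace("DOM-A", "DOM-B")

def read_global(text):
    """Return [global] parameters; smb.conf names ignore case and spaces."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.lower().split())] = value.strip()
    return params

def dn_parts(dn):
    # Simplified DN split: assumes no escaped commas inside RDN values.
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def suffixes_overlap(a, b):
    """True if the suffixes are equal or one lies inside the other's subtree."""
    short, long_ = sorted((dn_parts(a), dn_parts(b)), key=len)
    return long_[len(long_) - len(short):] == short

def check_pair(conf_a, conf_b):
    a, b = read_global(conf_a), read_global(conf_b)
    if not a.get("ldapsuffix") or not b.get("ldapsuffix"):
        return ["ldap suffix missing from a [global] section"]
    problems = []
    if a.get("workgroup", "").lower() == b.get("workgroup", "").lower():
        problems.append("both servers use the same workgroup (domain) name")
    if suffixes_overlap(a["ldapsuffix"], b["ldapsuffix"]):
        problems.append("ldap suffixes overlap: %s / %s" % (a["ldapsuffix"], b["ldapsuffix"]))
    return problems

if __name__ == "__main__":
    print(check_pair(CONF_DOM_A, CONF_DOM_B))
    print(check_pair(CONF_DOM_A, CONF_DOM_B_SHARED))
```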
