[Samba] ldap, shared passwords, no domains?

Christ Schlacta lists at aarcane.org
Fri Feb 11 20:17:24 MST 2011

I've got a (semi) working setup using openldap and samba in a domain 
where user passwords are shared across multiple samba based PDCs (As per 
suggestions from this list, all samba machines are PDC or BDC).  These 
systems are designed to provide a collection of file services with a 
unified username/password to an assortment of laptops and desktops which 
may not be permanently joined to the domain.  as it turns out, running a 
domain for single signon causes a bunch of problems, not the least of 
which are:
1) permissions cannot be set for printers without joining a system to 
the domain, then local users can't print from joined systems (but can 
print from non-joined systems, wth?), which leads to..
2) After a trial join, it became immediately apparent that even joining 
the domain was infeasable for any period of time.
3) browsing domain+workgroup computers doesn't always work properly.

At the end of the day I've come to a conclusion.  it's time to separate 
these two systems into non-domain samba servers.  However, I still want 
to have them use the single LDAP directory to handle a central password 
repository.  can they do this?  will I be able to have two different 
systems with different domains (host names) and SIDs have unified 
passwords using ldap ?  or will I have to resort back to using local 
smbpasswd stores?

More information about the samba mailing list