[Samba] Samba with multiple domains with LDAP backend

Mon Feb 28 04:00:17 MST 2011

Hi Lorenzo,

Unfortunately, I use tdbsam.
I'm happy though to share the result of my researches.
Don't think it wrong, I'm *not* a master, just a beginner a few days ahead
of you on that subject.

I create one directory per domain:
/domain_one/etc/samba/      # Where I put config files
 /domain_one/homes/          # Where I put users home directory
/domain_one/shares/         # Where I put domain shares
/domain_one/var/lib/samba/  # Where Samba stores tdb files
/domain_one/var/log/samba/  # Where Samba stores log files
/domain_one/var/run/samba/  # Where Samba stores pid files
/domain_two/etc/samba/
 /domain_two/homes/
/domain_two/shares/
/domain_two/var/lib/
/domain_two/var/log/
/domain_two/var/run/

Config file for domain_one: /domain_one/etc/samba/smb.conf
In red the values that you have to change for each domain.
You can't use the same netbios name and you have to bind to a different
interface each time.
[global]
# Names definition...
workgroup = *domain_one*
netbios name = *server_one*
server string = Galaxy
interfaces = *eth0*
bind interfaces only = yes
# Filesystem...
private dir =    /domain_one/var/lib/samba
lock directory = /domain_one/var/lib/samba
log file =       /domain_one/var/log/samba/log.%m
pid directory =  /domain_one/var/run/samba
# Server type...
preferred master = yes
domain master = yes
domain logons = yes
time server = yes
passdb backend = tdbsam

I also changed the basic /etc/init.d/samba file and created one per domain:
for example /etc/init.d/samba-domain_one:
start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/nmbd --pidfile /
*domain_one*/var/run/samba/nmbd-smb.conf.pid -- -D -s /*domain_one*
/etc/samba/smb.conf
start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/smbd --pidfile /
*domain_one*/var/run/samba/smbd-smb.conf.pid -- -D -s /*domain_one*
/etc/samba/smb.conf

I have to say, I have no idea what ldap is but I'd be interested in your
configuration too.
I here about ldap very often.

Cheers
---
*Santiago DIEZ
Directeur
*+33 6 37 90 81 98
+33 9 70 44 77 87

2011/2/28 Lorenzo Milesi <lorenzo.milesi at yetopen.it>

> > I just finished configuring multiple domains on one server (debian +
> > samba).
>
> Do you use LDAP as backend?
> If so, would you share configuration, and possibly an howto or something
> like that?
>
> thanks
> lorenzo
>
> --
> Lorenzo Milesi - lorenzo.milesi at yetopen.it
>
> YetOpen S.r.l. - http://www.yetopen.it/
> Via Carlo Torri Tarelli 19 - 23900 Lecco - ITALY -
> Tel 0341 220 205 - Fax 178 6070 222
>
> GPG/PGP Key-Id: 0xE704E230 - http://keyserver.linux.it
>
> -------- D.Lgs. 196/2003 --------
>
> Si avverte che tutte le informazioni contenute in questo messaggio sono
> riservate ed a uso esclusivo del destinatario. Nel caso in cui questo
> messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo
> senza copiarlo, a non inoltrarlo a terzi e ad avvertirci non appena
> possibile.
> Grazie.
>
>