[Samba] Multiple Standalone Servers With Single LDAP Server

Rowland Penny rowlandpenny at googlemail.com
Wed Aug 6 03:05:45 MDT 2014

On 04/08/14 16:45, Gordan Bobic wrote:
> Hi,
> I'm trying to set up multiple standalone Samba servers that use the 
> same OpenLDAP back-end database for authentication, but on any servers 
> beyond the first one I cannot seem to get past the error like the 
> following:
> "The primary group domain sid($SecondaryServerSID) does not match the 
> domain sid($PrimaryServerSID) for $UserName($UserSID)"
> It seems nuts to have to set up a domain controller just to have 
> multiple standalone servers within the same workgroup.
> If I configure the secondary server to use a local user password 
> database for authentication, everything works fine, but that means 
> having to maintain the database in multiple locations.
> Is there a way to completely neuter all the domain functionality and 
> use LDAP _only_ for username/password authentication from multiple 
> standalone servers within the same workgroup?
> Gordan

Short answer, NO

Long answer, in this instance, samba is working just like a windows 
workgroup, you can have lots of windows machines in the same workgroup, 
but you have to create any users & groups that you want to connect to a 
machine on that machine AND any others that you want the users or groups 
to connect to. Once you get past 10 or 12 machines this gets complicated 
and hard to keep track of, this is why domains were created. Now that 
you know this, can you see why what you are trying to do with samba will 
not work.

Set up a domain, either a PDC or an AD DC, it will be a lot easier in 
the long run ;-)


More information about the samba mailing list