Simo Sorce wrote: > > Multi domain DC is never going to happen in samba, it just doesn't make > sense, as the protocols used (eg. SMB) will not be able to support such > thing, so please let's stop to talk about multi-DC samba.
I'm not so sure on this one. Some parts of the protocol might need to be told 'if not specified, use this', but I'm not sure the statement holds across everything. For example, I don't see any reason why we can't 'pretend' that any secondary domain is a 'trusted domain'. This would allow (for example) a resource DC, which has each machine in it, but no users, and an organizational DC to coexist nicely. (This is quite a common setup, btw). The advantage is that this one installation could have the 'organizational' users in replicated LDAP, so it would not need to make external connections for authentication. For the rare cases where clients contact the trusted domain directly, we could have either a separate Samba on another IP, or they could contact the remote DC directly. I see this as a powerful way to push Samba into places that it currently can't go, and I would like a chance to explore it. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net