Paul Gienger schrieb:

The situation I've got is that I want to make one domain, and then use it on several different subnets. I have 3 subnets, 10.1.x.x, 10.2 and 10.3, all physically remote, but connected by a FreeS/WAN tunnel that is working just fine. We also have working LDAP logins and all that is fine. I have gotten as far as getting my domain going on LDAP within one subnet, but now I'm trying to add the second one.
I've got a second box on the remote subnet that can get connected to LDAP, and authenticate users just fine, i.e. I can browse to it from wherever I need to come from, off of a machine that is connected to the server on subnet 1. The problem arises when I try to join the domain from the second subnet. I am entirely unclear on what configuration I need on the second box to make the domain join work. I tried once with the same smb.conf from the first machine, at which point I could get joined just fine, but could not log in. Now I have machine 2 in more of a non-master setup, basically just a domain master = no, and I can't get joined at all. The smb.conf of the 'master' is attached to the end of this post.


I've seen in the archives several people claiming that this is possible, but never giving any direction as to what to try. I also remember seeing something about using separate domains, but then sharing the LDAP data storage. Would this be done by just changing the SID of all the domains to match? Which of the two is a more reliable solution? I'd lean toward the former, but I'm open to suggestions.

[global]
       workgroup = AE3
       server string =
       passdb backend = ldapsam:ldap://ldap1.fargo.ae-solutions.com
       pam password change = Yes
       log level = 2
       log file = /var/log/samba/log.%m
       max log size = 50
       add group script = /usr/local/sbin/smbldap-groupadd -p
       add user to group script = /usr/local/sbin/smbldap-groupmod -m
       delete user from group script = /usr/local/sbin/smbldap-groupmod -x
       set primary group script = /usr/local/sbin/smbldap-usermod -g
       add machine script = /usr/local/sbin/smbldap-useradd -w
       logon script = logon.cmd
       logon path = \\fgoserv\profiles\%U
       logon drive = H:
       logon home = \\fgoserv\%U
       domain logons = Yes
       dns proxy = No
       wins support = Yes
       ldap suffix = dc=ae-solutions,dc=com
       ldap machine suffix = ou=Computers
       ldap user suffix = ou=People
       ldap group suffix = ou=Group
       ldap admin dn = cn=Manager,dc=ae-solutions,dc=com
       ldap ssl = no
       ldap passwd sync = Yes


Hi,
this is a matter of subnet browsing.
I have solved the problem with having Samba proxies on the firewalls,
which are routers too.
If you get WINS and DNS to work in the right way, joining an SMB domain
in another subnet works.
Although you should simply set up an SMB BDC with a slave LDAP in the other subnet (this would also help if you lose the connection to the master LDAP).
You can also set up a new domain and trust each other (but therefore
WINS and DNS must work too).
Watch out and read the documentation for these parameters:
remote browse sync =
remote announce =
and wins server = x.x.x.x
Regards
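An smb.conf for the "BDC with slave LDAP in the other subnet" layout the reply recommends, written here as an added example (it is not either poster's configuration). The slave LDAP hostname, the PDC's WINS address and the broadcast addresses are placeholders, and the example assumes the slave replicates the PDC's directory, so both servers share the same domain SID and the suffixes from the master config above.

```ini
# Added example: smb.conf for a Samba BDC on the 10.2.x.x subnet (not the poster's config).
# Assumes the slave LDAP is a replica of the PDC's directory (same domain SID).
[global]
       workgroup = AE3
       server string = AE3 BDC, subnet 2
       # local read-only replica; the hostname is a placeholder
       passdb backend = ldapsam:ldap://ldap-slave.placeholder.example
       ldap suffix = dc=ae-solutions,dc=com
       ldap machine suffix = ou=Computers
       ldap user suffix = ou=People
       ldap group suffix = ou=Group
       ldap admin dn = cn=Manager,dc=ae-solutions,dc=com
       # protect the admin bind on the wire instead of the PDC's "ldap ssl = no"
       ldap ssl = start tls
       # no add machine/user scripts here: a read-only replica cannot create
       # accounts, so joins must reach the writable master LDAP

       # BDC role: serves logons locally, PDC stays domain master browser
       domain logons = Yes
       domain master = No
       local master = Yes
       preferred master = Yes
       os level = 65

       # one WINS server for every subnet: the PDC (it has wins support = Yes);
       # 10.1.0.1 is a placeholder for its address
       wins support = No
       wins server = 10.1.0.1
       dns proxy = No

       # cross-subnet browse lists over the tunnel; broadcast addresses are placeholders
       remote announce = 10.1.255.255/AE3 10.3.255.255/AE3
       remote browse sync = 10.1.255.255 10.3.255.255

       # same logon settings as the PDC so profiles and home drives still resolve
       logon script = logon.cmd
       logon path = \\fgoserv\profiles\%U
       logon drive = H:
       logon home = \\fgoserv\%U

       log level = 2
       log file = /var/log/samba/log.%m
       max log size = 50
```

Validate the file with `testparm`, and confirm with `net getlocalsid` on both servers that they report the same domain SID before attempting a join from subnet 2.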


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba