On Thu, 2004-04-01 at 16:40, Ted Wisniewski wrote: > Ldapsearch was being a pain, so just grabbed the info from a "slapcat" > instead, which was simpler. --- crutches - life with LDAP is infinitely easier when you can get command of the ldap queries from the command line. That sharpens your understanding and skills of using LDAP. --- > > So, now that I know what my "problem" is/was.... I am able > to move forward. The only issue I have now is that I have 9000 users > that I want to be able to log onto multiple domains. By having > to have the SID match the domain.... It presents a problem... > > I only want one password database to maintain... I guess I could get > clever with LDAP replication and have multiple LDAP's... This is a less > than Ideal solution. At this time I have large smbpasswd files that I > would like to not use. I guess my ideal solution would look like: > > /--- Domain A > / > LDAP -------+ > \ > \--- Domain B > > > Since we use a web based password changer, I could have a separate > LDAP per Domain. I guess, in my ideal world I would have an LDAP > with multiple sambaSID's, each samba server would just pick the one > out of the LDAP that was appropriate to that Domain. I realize > that the current schema does not allow for this and that samba is not set > up to handle it either. Any ides on how to accomplish something similar > without that ability. ---- ahh - the million dollar question.
Don't you want users to be able to change their password using the typical Windows change password tool instead of requiring them to change it via http? What about UserMgr.exe? Anyway, if your LDAP skills are strong enough (I suspect not), you can use replication to have each PDC run the master of the primary Domain it is serving up and become a slave on the domains that it is not. Together with winbindd, this should prove to be the most flexible - of course you must set up 'trusts' between the various domains. LDAP is the tiger that you apparently don't want to ride but I have found it to be quite predictable. Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba