[EMAIL PROTECTED] wrote:
Adam Williams wrote:
Is it possible to have multiple domains and all of them authenticate to one PDC running openldap?

Each building at work has a network segment, 10.8.1.x - 10.8.18.x, each having their own samba server using smbpasswd and DOMAIN name. Like the server arrowhead 10.8.9.2 has domain = HPADMIN in smb.conf, server archives 10.8.8.2 has domain = OLDCAPITOL in smb.conf, roark 10.8.2.3 has domain = ADMIN in smb.conf.

I'd like to replace all of these smbpasswd backends with a single LDAP server and am reading Samba 3 by Example. Would it be possible to have each server keep its separate DOMAIN = configuration, but have them all use the PDC of roark for authentication on its OpenLDAP configuration?

You can't use a single PDC, but you can have all your individual PDCs use the same LDAP server as a backend -- you just reconfigure each of the existing domain controllers with its own base distinguished name within the LDAP server... e.g.:

    dc=hpadmin,dc=your,dc=domain
    dc=oldcapitol,dc=your,dc=domain
    dc=admin,dc=your,dc=domain

Migrating the accounts from the local smbpasswd to LDAP is left as an exercise for the sysadmin :-) but as long as you give each domain its own branch in your LDAP database, you should not run into problems.

Don Piven

What about just having a dc=ldap,dc=your,dc=domain with all the user accounts in it, and then every samba PDC use passdb backend = ldapsam:ldap://ldap.your.domain

Basically I just want it so all the username/passwords are in a central location so when a user does ctrl-alt-del and clicks change password, it will change their Windows logon password, their email password, etc. I just have to also keep the legacy PDC servers because of registry and file permissions. Otherwise I have to load the registry hive of 100 users and change the permissions on them and their profiles.
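
The per-domain layout suggested in Don Piven's quoted reply, written out as smb.conf settings. This is an added example, not configuration posted by anyone in the thread. The workgroup names, server names and `ldap.your.domain` come from the messages above; the bind DNs and OU names are assumed placeholders.

```ini
# Added illustration. Each [global] block below belongs in a DIFFERENT
# server's smb.conf; they are shown together only for comparison.
# Assumed placeholders: the cn=samba-* bind DNs and the ou=... names.

# ---- arrowhead (10.8.9.2), domain HPADMIN ----
[global]
    workgroup = HPADMIN
    domain logons = yes
    # One shared directory server for every PDC
    passdb backend = ldapsam:ldap://ldap.your.domain
    # This domain's own branch; accounts and the domain SID entry live here
    ldap suffix = dc=hpadmin,dc=your,dc=domain
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    # Separate bind DN per PDC, so directory ACLs can confine each
    # server to its own branch. Its password is stored with: smbpasswd -w
    ldap admin dn = cn=samba-hpadmin,dc=hpadmin,dc=your,dc=domain
    # LM/NT password hashes cross this connection; do not send them in clear
    ldap ssl = start tls

# ---- archives (10.8.8.2), domain OLDCAPITOL ----
[global]
    workgroup = OLDCAPITOL
    domain logons = yes
    passdb backend = ldapsam:ldap://ldap.your.domain
    ldap suffix = dc=oldcapitol,dc=your,dc=domain
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap admin dn = cn=samba-oldcapitol,dc=oldcapitol,dc=your,dc=domain
    ldap ssl = start tls

# ---- roark (10.8.2.3), domain ADMIN ----
[global]
    workgroup = ADMIN
    domain logons = yes
    passdb backend = ldapsam:ldap://ldap.your.domain
    ldap suffix = dc=admin,dc=your,dc=domain
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap admin dn = cn=samba-admin,dc=admin,dc=your,dc=domain
    ldap ssl = start tls
```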


