Re: [Samba] one ldap server and multiple samba PDC domains

2008-10-25 Thread Mohammad Reza Hosseini
The problem is that we need different domains, but there are users that
should be able to log in to all domains, and there is also a public domain
which everybody could use to log in. So if we use multiple LDAP servers,
managing their properties (for example, passwords) is difficult, since when a
user changes password, the password must be set in all LDAP servers.

2008/10/23 Andrew Bartlett <[EMAIL PROTECTED]>

> On Mon, 2008-10-20 at 08:57 +0330, Mohammad Reza Hosseini wrote:
> > hello
> >
> > Is it possible to have multiple samba servers so multiple samba PDC
> > domains but just one ldap server ? (so users in ldap can login to
> > different domains but we add them just one time)
> > if yes how?
>
> In short, don't.  A lot of folks have got themselves into a lot of
> trouble doing this, as it is not a tested or supported configuration.
>
> The only option is to ensure that each Samba domain cannot see the users
> of the other domain - the suffixes must be different.  But then why even
> share the LDAP server?
>
> I strongly suggest running a single domain for a single organisation,
> backed by a single LDAP server (or replicated set of LDAP servers).
>
> Andrew Bartlett
>
> --
> Andrew Bartlett
> http://samba.org/~abartlet/ 
> Authentication Developer, Samba Team   http://samba.org
> Samba Developer, Red Hat Inc.
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] one ldap server and multiple samba PDC domains

2008-10-23 Thread Sven Buchstaller
The short answer is that it is very bad practice and poor design to
use a single DIT across multiple domains.  It is much smarter to design and
implement a separate DIT per domain.

Greets Sven

On Thursday 23 October 2008 02:45:46, Andrew Bartlett wrote:
> On Mon, 2008-10-20 at 08:57 +0330, Mohammad Reza Hosseini wrote:
> > hello
> >
> > Is it possible to have multiple samba servers so multiple samba PDC
> > domains but just one ldap server ? (so users in ldap can login to
> > different domains but we add them just one time)
> > if yes how?
>
> In short, don't.  A lot of folks have got themselves into a lot of
> trouble doing this, as it is not a tested or supported configuration.
>
> The only option is to ensure that each Samba domain cannot see the users
> of the other domain - the suffixes must be different.  But then why even
> share the LDAP server?
>
> I strongly suggest running a single domain for a single organisation,
> backed by a single LDAP server (or replicated set of LDAP servers).
>
> Andrew Bartlett




Re: [Samba] one ldap server and multiple samba PDC domains

2008-10-22 Thread Andrew Bartlett
On Mon, 2008-10-20 at 08:57 +0330, Mohammad Reza Hosseini wrote:
> hello
> 
> Is it possible to have multiple samba servers so multiple samba PDC domains
> but just one ldap server ? (so users in ldap can login to different domains
> but we add them just one time)
> if yes how?

In short, don't.  A lot of folks have got themselves into a lot of
trouble doing this, as it is not a tested or supported configuration.

The only option is to ensure that each Samba domain cannot see the users
of the other domain - the suffixes must be different.  But then why even
share the LDAP server?

I strongly suggest running a single domain for a single organisation,
backed by a single LDAP server (or replicated set of LDAP servers).

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Samba Developer, Red Hat Inc.



Re: [Samba] one ldap server and multiple samba PDC domains

2008-10-20 Thread Jorge Concha C.
On Mon, 20 Oct 2008 14:20:16 -0300, Norberto Bensa <[EMAIL PROTECTED]> wrote:

> Quoting "Jorge Concha C." <[EMAIL PROTECTED]>:
>
> > All my users can log in at all my 3 domains.
>
> Of course. All your domains have the same SID...
>
> Why did you choose this setup instead of domain trusts?
>
> Wouldn't a two-way trust give the same functionality?

I really do not know. I never thought of a two-way trust configuration.

In addition, my system began as a single domain, then, because of the great
load on the machine, I had to duplicate it and then triple it.

Jorge C.

P.S. Do you speak Spanish?

> Thanks!

You are welcome.

> Norberto





Re: [Samba] one ldap server and multiple samba PDC domains

2008-10-20 Thread Norberto Bensa

Quoting "Jorge Concha C." <[EMAIL PROTECTED]>:

> All my users can log in at all my 3 domains.

Of course. All your domains have the same SID...

Why did you choose this setup instead of domain trusts?

Wouldn't a two-way trust give the same functionality?


Thanks!
Norberto






Re: [Samba] one ldap server and multiple samba PDC domains

2008-10-20 Thread Jorge Concha C.


All my users can log in at all my 3 domains.

Responses:
All sambaDomainName entries:
sambaSID=S-1-5-21-3209642587-1536209094-3825437934
same for all domains.

users:
user1 = S-1-5-21-3209642587-1536209094-3825437934-4801
user2 = S-1-5-21-3209642587-1536209094-3825437934-4802
user3 = S-1-5-21-3209642587-1536209094-3825437934-4803
etc.

net getdomainsid @ all machines:
SID for domain SAMBA1 is: S-1-5-21-3209642587-1536209094-3825437934
SID for domain DOMAIN1 is: S-1-5-21-3209642587-1536209094-3825437934

SID for domain SAMBA2 is: S-1-5-21-3209642587-1536209094-3825437934
SID for domain DOMAIN2 is: S-1-5-21-3209642587-1536209094-3825437934

SID for domain SAMBA3 is: S-1-5-21-3209642587-1536209094-3825437934
SID for domain DOMAIN3 is: S-1-5-21-3209642587-1536209094-3825437934



On Mon, 20 Oct 2008 11:42:45 -0300, Norberto Bensa <[EMAIL PROTECTED]> wrote:

> Quoting "Jorge Concha C." <[EMAIL PROTECTED]>:
>
> > You must have multiple sambaDomainName entries, all with same SID value.
>
> What sambaSID do your users have?
>
> What does "net getdomainsid" return on your domains?
>
> I'm asking because I have 4 domains (long history, don't ask) and I'm
> currently moving them from tdbsam to ldapsam.
>
> I have no problems with my users because no user is repeated in two
> domains except for one "soporte". I need this user "soporte" to be able
> to log in my 4 domains.
>
> Thanks,
> Norberto

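The SID comparison reported in the message above, as an added example that is not part of the original post: it parses `net getdomainsid` output, reports every domain SID claimed by more than one name, and lists which names a given user SID maps to. `SAMPLE` is constructed from the output quoted in the thread plus one hypothetical domain (`DOMAIN4`) with a made-up SID; the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Matches lines in the form quoted in the thread; "local machine" is also
# accepted because `net getdomainsid` labels the host's own SID that way.
SID_LINE = re.compile(
    r"^SID for (?:local machine|domain) (\S+) is: (S-1-[\d-]+)\s*$", re.M)

# Constructed sample: output as quoted in the thread, plus a hypothetical
# DOMAIN4 with a made-up SID to show what a distinct domain looks like.
SAMPLE = """\
SID for domain SAMBA1 is: S-1-5-21-3209642587-1536209094-3825437934
SID for domain DOMAIN1 is: S-1-5-21-3209642587-1536209094-3825437934
SID for domain SAMBA2 is: S-1-5-21-3209642587-1536209094-3825437934
SID for domain DOMAIN2 is: S-1-5-21-3209642587-1536209094-3825437934
SID for domain DOMAIN4 is: S-1-5-21-1111111111-2222222222-3333333333
"""

def parse_domain_sids(text):
    """Return {name: sid} for every 'SID for ... is:' line."""
    return {name: sid for name, sid in SID_LINE.findall(text)}

def shared_sids(domain_sids):
    """Return {sid: [names]} for SIDs claimed by more than one name."""
    by_sid = defaultdict(list)
    for name, sid in domain_sids.items():
        by_sid[sid].append(name)
    return {sid: sorted(n) for sid, n in by_sid.items() if len(n) > 1}

def domains_matching_user(user_sid, domain_sids):
    """A user SID is <domain SID>-<RID>; list every name whose SID it carries."""
    prefix, _, rid = user_sid.rpartition("-")
    if not rid.isdigit():
        raise ValueError(f"not a user SID: {user_sid!r}")
    return sorted(n for n, s in domain_sids.items() if s == prefix)

if __name__ == "__main__":
    sids = parse_domain_sids(SAMPLE)
    for sid, names in shared_sids(sids).items():
        print(f"shared domain SID {sid}: {', '.join(names)}")
    user1 = "S-1-5-21-3209642587-1536209094-3825437934-4801"
    print("user1 maps to:", domains_matching_user(user1, sids))
```

A non-empty result from `shared_sids` means those domains cannot tell each other's accounts apart by SID, which is the condition the thread describes.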


Re: [Samba] one ldap server and multiple samba PDC domains

2008-10-20 Thread Norberto Bensa

Quoting "Jorge Concha C." <[EMAIL PROTECTED]>:

> You must have multiple sambaDomainName entries, all with same SID value.


What sambaSID do your users have?

What does "net getdomainsid" return on your domains?

I'm asking because I have 4 domains (long history, don't ask) and I'm  
currently moving them from tdbsam to ldapsam.


I have no problems with my users because no user is repeated in two  
domains except for one "soporte". I need this user "soporte" to be  
able to log in my 4 domains.


Thanks,
Norberto






Re: [Samba] one ldap server and multiple samba PDC domains

2008-10-20 Thread Jorge Concha C.

Yes, it is possible.

You must have multiple sambaDomainName entries, all with same SID value.

I have this, and it works very well.

Jorge C.
P.S. Sorry for my bad English.


On Mon, 20 Oct 2008 02:27:39 -0300, Mohammad Reza Hosseini
<[EMAIL PROTECTED]> wrote:

> hello
>
> Is it possible to have multiple samba servers so multiple samba PDC
> domains but just one ldap server ? (so users in ldap can login to
> different domains but we add them just one time)
> if yes how?
>
> thanks.






[Samba] one ldap server and multiple samba PDC domains

2008-10-19 Thread Mohammad Reza Hosseini
hello

Is it possible to have multiple samba servers so multiple samba PDC domains
but just one ldap server ? (so users in ldap can login to different domains
but we add them just one time)
if yes how?

thanks.