Multiple domains in LDAP and 1 samba server for all domains, what to do?
This will allow me to add users to the samba system and authenticate them via LDAP but probably only for the domain red.com.
Question is, how can I allow the LDAP admin DN to log in to the other domains on LDAP and create or authenticate users there? I'm starting to think that we'll need three samba daemons or servers.
The second problem: how can users from one domain authenticate and search the directory of another domain? I'm flirting with the idea that I should just create one fake domain name and have everyone in that, but I'm sure that's going to cause problems in the future.
Why not have one 'fake' domain name, and then create users in groups within subdomains within one LDAP db? This really shouldn't pose a problem, since you can configure individual machines to only allow a subset of users.
It does take a lot of work, but I would bet that one database in LDAP is a lot easier to implement than three, and it is easily replicated onto other servers if that is required.
Last edited by irishbitte; 11-14-2008 at 09:13 AM.