On Mon, 2006-07-24 at 11:02 -0700, Nathan England wrote:
> I have a remote office with an extremely slow internet connection. In the past
> all machines authenticated to the domain through that network connection to
> the main office, which often caused timeouts or other network errors as all
> user files were on the server in the main office.
>
> I purchased a Dell server with RHEL4 and set up a basic samba domain and dhcp
> ip addressing. Now all users authenticate to that samba machine with a tdbsam
> database.
>
> The network has now been upgraded, and I would like to connect that domain to
> our main office again. The main office uses a samba/ldap auth system.
> What is the best way to set up the remote office to authenticate to the main
> office? Can I set up a second ldap:// backend in samba and use both the main
> office ldap db and the tdbsam db?
>
> I don't want to have to change the domain accounts on all the machines, so I
> am hoping I can keep their current domains, but simply use the user
> information from the main office.
>
> Easy / totally stupid / hard ?
> Suggestions?
----
www.samba.org/samba/docs

See Samba By Example - available in html, pdf or you can buy it at any book seller (dead tree format).

The short answer is no - it appears that you have machines joined to 2 different domains (they may have the same name but it isn't the name that is the issue...it's the SID for the domain and all of the machine accounts, user accounts, groups, etc.)

You could have the domains 'trust' each other though. You are likely to have issues with cross-subnet browsing, depending upon how you create the WAN/VPN.

If you want 1 domain with multiple locations, then the better course would be to set up LDAP at each location and use master/slave replication which would mean joining the machines and the users to the LDAP domain - note that you can designate samba properties such as their HOME$, their PROFILE$ and even their logon script and mounted shares individually so the user has his home directory and stored profile on the server closest to them.

Without question though, this topic is covered in the above mentioned documentation quite thoroughly I'm sure so any miniaturization of my understanding would be a disservice since the documentation is free.

Craig

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss