Re: Samba/LDAP/tdbsam question

Author: Craig White
Date:  
To: nathan, Main PLUG discussion list
Subject: Re: Samba/LDAP/tdbsam question
On Mon, 2006-07-24 at 11:02 -0700, Nathan England wrote:
> I have a remote office with an extremely slow internet connection. In the past
> all machines authenticated to the domain through that network connection to
> the main office, which often caused timeouts or other network errors as all
> user files were on the server in the main office.
>
> I purchased a Dell server with RHEL4 and setup a basic samba domain and dhcp
> ip addressing. Now all users authenticate to that samba machine with a tdbsam
> database.
>
> The network has now been upgraded, and I would like to connect that domain to
> our main office again. The main office uses a samba/ldap auth system.
> What is the best way to setup the remote office to authenticate to the main
> office? Can I setup a second ldap:// backend in samba and use both the main
> office ldap db and the tdbsam db?
>
> I don't want to have to change the domain accounts on all the machines, so I
> am hoping I can keep their current domains, but simply use the user
> information from the main office.
>
> Easy / totally stupid / hard ?
> Suggestions?

----
www.samba.org/samba/docs

See Samba By Example - available in html, pdf or you can buy it at any
book seller (dead tree format).

The short answer is no - it appears that you have machines joined to 2
different domains (they may have the same name but it isn't the name
that is the issue...it's the SID for the domain and all of the machine
accounts, user accounts, groups, etc.)

You could have the domains 'trust' each other though. You are likely to
have issues with cross-subnet browsing, depending upon how you create
the WAN/VPN. If you want 1 domain with multiple locations, then the
better course would be to set up LDAP at each location and use
master/slave replication which would mean joining the machines and the
users to the LDAP domain - note that you can designate samba properties
such as their HOME$, their PROFILE$ and even their logon script and
mounted shares individually so the user has his home directory and
stored profile on the server closest to them.

Without question though, this topic is covered in the above mentioned
documentation quite thoroughly I'm sure so any miniaturization of my
understanding would be a disservice since the documentation is free.

Craig
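As an added illustration of the per-user placement Craig describes (home directory, profile and logon script set per account rather than per server), here is a constructed LDIF entry for one user in a single shared LDAP-backed Samba domain; it is not from the original thread, and the hostnames, DNs and the domain SID prefix are placeholders.

```ldif
# Constructed example, not from the original post. One sambaSamAccount
# in the one domain shared by both offices. Every account carries the
# same domain SID prefix (S-1-5-21-PLACEHOLDER); only the RID differs.
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: sambaSamAccount
cn: Jane Doe
sn: Doe
uid: jdoe
uidNumber: 10042
gidNumber: 513
homeDirectory: /home/jdoe
loginShell: /bin/bash
# RID 21084 follows Samba's default algorithmic mapping (2*uid + 1000);
# 513 is the well-known "Domain Users" RID.
sambaSID: S-1-5-21-PLACEHOLDER-21084
sambaPrimaryGroupSID: S-1-5-21-PLACEHOLDER-513
sambaAcctFlags: [U          ]
# Per-user placement: this user works at the remote office, so the home
# share, roaming profile and logon script all point at the server there,
# not at the main office. Another user's entry can point at main-dc.
sambaHomeDrive: H:
sambaHomePath: \\remote-dc\jdoe
sambaProfilePath: \\remote-dc\profiles\jdoe
sambaLogonScript: remote-office.bat
```

These attributes override the `logon home`, `logon path` and `logon script` defaults in smb.conf for that account only, so a user whose entry points at remote-dc loads their profile locally even when the domain is served from several sites.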

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss