[K12OSN] Re: [Samba] 4 samba domains/one ldap backend/2 methods/which to use?

[Barry Smoke <bsmoke bryantschools org>]

Andrew Bartlett wrote:

> You cannot share users between domains.  If the user is in one domain,
> it *must not* be visible to the other domains, you must use a seperate
> ldap suffix.
where is the documentation on this?  I would think this would be a 
common configuration with ldap, trying to consolidate to one ldap 
directory.  Anyone written any HowTo's?
since we are using smbldap-tools, I guess this means a re-write to make 
those utilities work?

> Check your replication, and use Samba 3.0.1, with the 'ldap replication
> sleep' parameter.  This allows you to make the system wait until the
> slave LDAP server has caught up.
>
>  
Thanks, We'll try that...

> > questions:
> > on method1 above, we have some users that get special shares based upon 
> > the %m, meaning the domain they put to log in box.
> >    
>
> %m is the machine name they login from.
>
>  
%L is what I meant...the netbios name of the server(meaning what server 
the client wanted)
We use this to make one large quad xeon act like 4 different servers.

> > This works on the pdc, but we can't get it to work on a BDC.(Why don't 
> > domain aliases work on a BDC?)
> >    
>
> I'm not sure what you mean here.
>
>  
We tested putting a netbios alias into our pdc with ldap, and we can 
type that alias as the domain we are logging into
on the main network, and use the variable in the smb.conf file for 
various things....works great!

when we got our BDC up, we tried putting our main campus domain as the 
workgroup name, then put in what we were using as
the remote domain in as an alias(just like on the main server), and even 
a windows 98 machine couldn't find the domain....
does BDC break this?

> Andrew Bartlett
>
>