Hello,

If you use samba 3.0.0 with LDAP authentication, samba uses an ldap attribute "sambaSID" in which the domain SID is stored. When somebody does a domain logon (2000/XP) this attribute is checked. But suppose I would like to login to another domain? Can I define multiple sambaSID's or is this attribute unique? If it's unique, how can I login to multiple domains?

Werner

Gerald (Jerry) Carter
2003-Oct-01 15:44 UTC
[Samba] Samba 3.0.0 & LDAP: multiple domains logon

werner maes wrote:
| Hello,
|
| If you use samba 3.0.0 with LDAP authentication, samba uses an ldap
| attribute "sambaSID" in which the domain SID is stored. When somebody
| does a domain logon (2000/XP) this attribute is checked. But suppose I
| would like to login to another domain? Can I define multiple sambaSID's
| or is this attribute unique? If it's unique, how can I login to multiple
| domains?

You can't. This was one of the drawbacks of moving to SID's as opposed to RID's. However, you can set up truated Samba domains thus grouping users but still being able to logon to clients in other domains.

cheers, jerry

----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"You can never go home again, Oatman, but I guess you can shop there."
--John Cusack - "Grosse Point Blank" (1997)

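The point of the reply above, as an added example that is not part of the original thread or of Samba's code: a sambaSID value is a complete SID (domain SID plus RID), so an account entry names exactly one domain. The script splits sambaSID values from a constructed LDIF sample and flags accounts whose domain SID differs from a given one; the DNs, SIDs and function names are assumptions, and the parser ignores LDIF line folding and base64 values.

```python
# Added illustration; the LDIF entries and SIDs below are constructed sample data.
from collections import defaultdict

SAMPLE_LDIF = """\
dn: uid=werner,ou=People,dc=example,dc=org
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3002

dn: uid=alice,ou=People,dc=example,dc=org
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3004

dn: uid=bob,ou=People,dc=example,dc=org
sambaSID: S-1-5-21-4444444444-5555555555-6666666666-3006
"""

def split_sid(sid):
    """Split a user SID into (domain SID, RID); the RID is the last sub-authority."""
    parts = sid.strip().split("-")
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"not a valid SID: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])

def parse_entries(ldif):
    """Yield (dn, [sambaSID values]) for each blank-line separated LDIF entry."""
    for block in ldif.strip().split("\n\n"):
        dn, sids = None, []
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            if key == "dn":
                dn = value
            elif key.lower() == "sambasid":
                sids.append(value)
        if dn:
            yield dn, sids

def audit(ldif, local_domain_sid):
    """Group accounts by domain SID; flag those outside local_domain_sid."""
    by_domain, flagged = defaultdict(list), []
    for dn, sids in parse_entries(ldif):
        if len(sids) != 1:  # one SID per account is assumed, per the reply above
            flagged.append(dn)
            continue
        domain, rid = split_sid(sids[0])
        by_domain[domain].append((dn, rid))
        if domain != local_domain_sid:
            flagged.append(dn)
    return dict(by_domain), flagged
```
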
At 10:44 1/10/2003, Gerald (Jerry) Carter wrote:
>werner maes wrote:
>| Hello,
>|
>| If you use samba 3.0.0 with LDAP authentication, samba uses an ldap
>| attribute "sambaSID" in which the domain SID is stored. When somebody
>| does a domain logon (2000/XP) this attribute is checked. But suppose I
>| would like to login to another domain? Can I define multiple sambaSID's
>| or is this attribute unique? If it's unique, how can I login to multiple
>| domains?
>
>You can't. This was one of the drawbacks of moving to SID's
>as opposed to RID's. However, you can set up truated Samba
>domains thus grouping users but still being able to logon to
>clients in other domains.

What do you mean by "truated Samba domains"? Could you explain some more?

Thanks,
Werner