security = domain is for domain member servers, which are servers that
are part of the domain but don't authenticate users, handle roaming
profiles, etc. basically you'd use them for print servers, or more file
shares.
why don't you just have a PDC and use BDCs? sure you can have a bunch
of domains and PDCs, but if its all for the same company, just go with
the PDC and then a BDC on each subnet. PDCs and BDCs both use security
= user
Daniel Pocock wrote:>
>
>
> Consider the following scenario:
>
> - a single OpenLDAP server, with a single instance of the object class
> sambaDomain and a single SID:
>
> dn: sambaDomainName=myserver,ou=samba,dc=example,dc=com
> objectClass: sambaDomain
> sambaDomainName: MYGROUP
> sambaSID: S-1-2-3
>
> - multiple Samba servers, each with the following configuration:
>
> security = user
> workgroup = MYGROUP
>
> Is this a valid configuration? Or does the SMB protocol require the
> domain security to be used (security = domain) when all servers share
> a single LDAP backend?
>
> Regards,
>
> Daniel