I've got a (semi) working setup using OpenLDAP and Samba in a domain where user passwords are shared across multiple Samba-based PDCs (as per suggestions from this list, all Samba machines are PDC or BDC). These systems are designed to provide a collection of file services with a unified username/password to an assortment of laptops and desktops which may not be permanently joined to the domain.

As it turns out, running a domain for single sign-on causes a bunch of problems, not the least of which are:

1) Permissions cannot be set for printers without joining a system to the domain, then local users can't print from joined systems (but can print from non-joined systems, wth?), which leads to...
2) After a trial join, it became immediately apparent that even joining the domain was infeasible for any period of time.
3) Browsing domain+workgroup computers doesn't always work properly.

At the end of the day I've come to a conclusion. It's time to separate these two systems into non-domain Samba servers. However, I still want to have them use the single LDAP directory to handle a central password repository.

Can they do this? Will I be able to have two different systems with different domains (host names) and SIDs have unified passwords using LDAP? Or will I have to resort back to using local smbpasswd stores?