Hi all,

Can Samba have multiple domains in a single OU on LDAP?

Because I have 2 separate Samba domains, many users in the same OU depending on one or the other domain (not 2 at the same time, the SID is referring to only one domain), and every user can log into the 2 domains without interdomain trust...

Is it a normal feature?

(Yes, it's a configuration a little twisted, I know ;))

Mathieu
> Can Samba have multiple domains in a single OU on LDAP?

It seems like this should work to me. The domain SIDs would be different.

> Because I have 2 separate Samba domains, many users in the same OU depending
> on one or the other domain (not 2 at the same time, the SID is referring to
> only one domain), and every user can log into the 2 domains without
> interdomain trust...
> Is it a normal feature?

Seems very strange. I don't have one currently, but I ran a test domain from my same DIT while testing moving from ldapsam 2.2.x -> 3.x.x and am pretty sure it didn't exhibit this behaviour.

> (Yes, it's a configuration a little twisted, I know ;))

I don't think so. Why shouldn't objects be able to exist in the same OU?
Lawcorn de Manchour
2003-Nov-25 00:56 UTC
[Samba] Re: Samba 3.0.0, LDAP and multiples domains
After verification, Samba asks the LDAP server for the domain (valhalla) before asking for the user (sgtrico)...
Nov 25 01:31:03 NuThor slapd[8131]: conn=3251 op=1 SRCH base="dc=unet" scope=2 filter="(&(objectClass=sambaDomain)(sambaDomainName=VALHALLA))"
Nov 25 01:31:03 NuThor slapd[8131]: conn=3251 op=1 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass
Nov 25 01:31:03 NuThor slapd[8131]: conn=3251 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text
Nov 25 01:31:05 NuThor slapd[22596]: conn=3251 op=2 SRCH base="dc=unet" scope=2 filter="(&(uid=sgtrico)(objectClass=sambaSamAccount))"
Nov 25 01:31:05 NuThor slapd[22596]: conn=3251 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags
Nov 25 01:31:05 NuThor slapd[22596]: conn=3251 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text
But VALHALLA sambaSID=S-1-5-21-3585723948-3968499713-263492914
and sgtrico sambaSID=S-1-5-21-1945463927-983056024-2732114171-2008
NuThor is the PDC for VALHALLA, and smbclient works with the other domain's users...
[root@NuThor samba3]# smbclient //nuthor/users -U sgtrico
Password:
smb: \>
Samba does not check the SID of the domain when connecting, or do I have to put the SID in the "ldap filter" parameter?
I've found another field ("sambaDomainName") which I filled with the name of the second domain, but with the same result...
Has anyone already dealt with this behavior, or did I configure Samba badly?
PS: Sorry for my bad English...
Mathieu
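
The mismatch reported in this thread (an account whose sambaSID lies outside the domain it logs on to) can be audited offline from an LDIF export of the directory. The Python below is an added example, not part of the original posts or of Samba; the LDIF is constructed, taking only the domain name, the uid and the two SIDs from the thread, while the DNs and the `localuser` entry are hypothetical.

```python
# Added example: list sambaSamAccount entries whose SID is outside a given domain.
# Constructed LDIF: DNs and the "localuser" entry are hypothetical.
SAMPLE_LDIF = """\
dn: sambaDomainName=VALHALLA,dc=unet
objectClass: sambaDomain
sambaDomainName: VALHALLA
sambaSID: S-1-5-21-3585723948-3968499713-263492914

dn: uid=sgtrico,ou=Users,dc=unet
objectClass: sambaSamAccount
uid: sgtrico
sambaSID: S-1-5-21-1945463927-983056024-2732114171-2008

dn: uid=localuser,ou=Users,dc=unet
objectClass: sambaSamAccount
uid: localuser
sambaSID: S-1-5-21-3585723948-3968499713-263492914-3000
"""

def parse_ldif(text):
    """Parse simple LDIF (no folded lines, no base64 values) into dicts of lists."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            entry.setdefault(key.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def domain_part(sid):
    """Drop the trailing RID from an account SID to get its domain SID."""
    return sid.rsplit("-", 1)[0]

def foreign_accounts(entries, domain_name):
    """Return uids of sambaSamAccount entries whose SID is outside domain_name."""
    domain_sid = next(
        e["sambasid"][0] for e in entries
        if "sambaDomain" in e.get("objectclass", [])
        and e["sambadomainname"][0].upper() == domain_name.upper()
    )
    return [
        e["uid"][0] for e in entries
        if "sambaSamAccount" in e.get("objectclass", [])
        and domain_part(e["sambasid"][0]) != domain_sid
    ]

if __name__ == "__main__":
    print(foreign_accounts(parse_ldif(SAMPLE_LDIF), "VALHALLA"))
```

Run against a real export, every uid it returns is an account the VALHALLA PDC should be rejecting unless a trust with that account's domain exists.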