thr3ads.net - samba - [Samba] Trusted domains with ldapsam

If this information is useful, please help other people find it:
Share via:

David Barker

2005-May-19 15:24 UTC

[Samba] Trusted domains with ldapsam_compat in samba 3

Hi all :-)

We are currently hosting a SAMBA domain that provides login & file 
serving for public clusters around the university campus. We are using 
Samba 3.0.10, with an LDAP server that uses a samba 2.x schema.

A department would now like to trust our domain for authentication, and 
use their own domain to administer their windows boxes. Will we be able 
to create a domain trust account in our ldap server with our samba 2 
schema? And if so, does anyone have a sample ldif I could use to 
manually create the account directly in the ldap server?

--
David Barker
University of Exeter IT Services

D.R.Barker@exeter.ac.uk

2005-May-23 00:10 UTC

head link

[Samba] Re: Trusted domains with ldapsam_compat in samba 3

For the benefit of Google, and other's that may browse the list archive 
some day.

It turns out the the interdomain trust account is exactly the same as a 
machine account, but the account flags has I set instead of M (i.e  [I    
     ]) . Although not explicitly stated, this is implied in the 
documentation - I'll try to read more carefully in future.  ;-)

As it turns out, setting up the domain trust isn't really going to be 
much help for our department - our PDC can't list out the 22,000+ 
accounts quickly enough, so windows times out before ever showing a 
helpful list of users to work with. Does anyone know if ldapsam is much 
quicker than ldapsam_compat, or better yet, when samba 4 is going to be 
released? Delegation of admin on OU's would make this easier :D

David Barker wrote:
> Hi all :-)
> We are currently hosting a SAMBA domain that provides login & file serving for public clusters around the university campus. We are using 
Samba 3.0.10, with an LDAP server that uses a samba 2.x
schema.> A department would now like to trust our domain for authentication,  anduse their own domain to administer their windows boxes. Will we be  able
to create a domain trust account in our ldap server with our  samba 2
schema? And if so, does anyone have a sample ldif I could use  to
manually create the account directly in the ldap server?> --
> David Barker
> University of Exeter IT Services

Maybe Matching Threads

Search for more possibly parallel threads

samba - May 2005 - Trusted domains with ldapsam_compat in samba 3

[Samba] Trusted domains with ldapsam_compat in samba 3

[Samba] Re: Trusted domains with ldapsam_compat in samba 3

Maybe Matching Threads