[K12OSN] HELP: can there be two samba servers in one domain?

john lists.john at gmail.com
Mon Dec 12 20:51:52 UTC 2005

Thanks Mark,

I am sort of amazed the more I look into this. As far as I can tell,
Multiple boxes running Samba really don't have a native way to share a
single backend via AD.  I'd love to be wrong about this. I am sort of
thinking out loud here, perhaps it will help me or someone else who
has this problem in the future.

I am not able to move to OpenLdap since the scope of this project =!
complete network paradigm shift at this time. The newly released FC4
Directory Server http://directory.fedora.redhat.com/wiki/Main_Page
which could be a substitute for AD someday seems too green to me.

The more I look into trying to have more than a single Samba box share
credentials with AD it looks like I have to do one of the following,
all of which seem to have _way_ too many moving parts to be reliable.

1) Hack Samba (this is beyond my meager skillset, I assume if it were
obvious someone would have scratched this itch by now)

2) use someone else's hack by way of a seemingly moribund project on
Source Forge http://groups.google.com/group/linux.samba/browse_thread/thread/e9d0a4caedd67473/40b697830a6dce06?lnk=st&q=multiple+samba+ads&rnum=10&hl=en#40b697830a6dce06
following directions from here: http://www.securityfocus.com/infocus/1563

3)Or use MS Unix tools
using these directions http://www.oo-services.com/en/articles/sso.html

Frankly, this seems like WAY to much work, just to spread a little
storage around. I'll keep looking into this, and would love to have
someone set me straight, and tell me (in an easy to follow step by
step manner :-)   )how easy this project really is.


On 12/12/05, Mark Gumprecht <gumprechtm at msad3.org> wrote:
> John I'm no pro and ran out of time with the beginning of school to get
> mine in so....net getlocalsid will pull up the local domain sid. Man net
> will give you some other commands like setlocalsid, not much, but HTH
> Mark
> john wrote:
> >Hi all,
> >I need some advice and I hope folks here can help. I have set up
> >k12ltsp to provide single sign on and file storage for users in
> >Windows Domain which uses ADS. However instead of storing the files
> >locally on the k12ltsp box, I would like to have my file storage on a
> >separate Samba file server (and in the future several Samba servers).
> >So basically multiple Samba installations using ADS and all using the
> >same SID==>GID/UID mapping.
> >
> >So here's the scenerio:
> >
> >Linux box A is running FC4 , Samba and NFS. This box exports /home via
> >NFS to Linux Box B running K12LTSP and Winbind. I have single sign
> >(for windows and terminal clients)  via winbind working on box B.
> >
> >Problem: I need someway to keep SID ==> GID/UID mapping consistent
> >from box to box, if I run two version of winbind, mappings will be out
> >of sync. I THINK i need to create a unified IDMAP and point box A to
> >it. I've been looking at IDMap_RID here
> >http://tr.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2567740
> >but I am not sure that this is even in the ball park.
> >
> >Also, some folks seem to believe the only way to accomplish this is
> >with a Unix snap in for AD.
> >
> >I could really use some help on this!
> >
> >TIA,
> >
> >_______________________________________________
> >K12OSN mailing list
> >K12OSN at redhat.com
> >https://www.redhat.com/mailman/listinfo/k12osn
> >For more info see <http://www.k12os.org>
> >
> >
> >
> --
> Mark Gumprecht
> Data Systems Specialist
> Unity, ME
> gumprechtm at msad3.org
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>

More information about the K12OSN mailing list