In the past, one of my clients was using domain auth with winbind, mainly due to
the fact that we had multiple domains to log in from and RHEL4u6 did not have
cross-realm support.

As of now the client has moved completely to RHEL5u4, soon to be u7, and he
would like to migrate to native krb auth.

Our backend infrastructure for AD is Windows 2008 servers. My question is in
regard to user ID mapping. I would like to preserve/match the existing UID.

There are two domains, "MYDOMAIN" and "NEWDOMAIN", that are used by different
users.

With winbind, we used something like this on each host in order to get the UID
for each user - this setup would guarantee an identical UID for each user on
every server.

How can the same be accomplished with native krb with cross-realm support?


[global]
        workgroup = MYDOMAIN
        realm = MYDOMAIN.HOSTNAME.COM
        server string = Samba Client
        security = ADS
        obey pam restrictions = Yes
        passdb backend = tdbsam
        client NTLMv2 auth = Yes
        log file = /var/log/winbind
        local master = No
        dns proxy = No
        panic action = /usr/share/samba/panic-action %d
        idmap uid = 1000 - 299999
        idmap gid = 1000 - 299999
        template shell = /bin/bash
        winbind separator = +
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind expand groups = 10
        winbind refresh tickets = Yes
        winbind offline logon = Yes
        idmap config MYDOMAIN:range = 100000 - 199999
        idmap config MYDOMAIN:backend = rid
        idmap config NEWDOMAIN:range = 200000 - 299999
        idmap config NEWDOMAIN:backend = rid
_______________________________________________
rhelv5-list mailing list
rhelv5-list@redhat.com
https://www.redhat.com/mailman/listinfo/rhelv5-list
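
Added example, not part of the original post: the rid backend in the configuration above derives each ID as RID - base_rid + range low (base_rid defaults to 0), so the UIDs to preserve can be recomputed from account SIDs and compared with what a new setup returns. The domain SIDs, account names and passwd lines are constructed placeholders, and the function names are hypothetical.

```python
# Added illustration: reproduce the idmap_rid formula
#   ID = RID - BASE_RID + LOW_RANGE_ID   (base_rid defaults to 0)
# Ranges are from the smb.conf in the post; the SIDs are constructed.
DOMAINS = {
    "S-1-5-21-1111111111-2222222222-3333333333": ("MYDOMAIN", 100000, 199999),
    "S-1-5-21-4444444444-5555555555-6666666666": ("NEWDOMAIN", 200000, 299999),
}

def split_sid(sid):
    """Split an account SID into (domain_sid, rid)."""
    parts = sid.strip().upper().split("-")
    if len(parts) < 5 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError("malformed SID: %r" % sid)
    return "-".join(parts[:-1]), int(parts[-1])

def rid_to_unix_id(sid, base_rid=0):
    """Return (domain, unix_id) for an account SID under the rid mapping."""
    domain_sid, rid = split_sid(sid)
    if domain_sid not in DOMAINS:
        raise LookupError("no idmap range configured for %s" % domain_sid)
    name, low, high = DOMAINS[domain_sid]
    unix_id = rid - base_rid + low
    # An ID outside the configured range is not mapped; it must never
    # spill into the range that belongs to the other domain.
    if not low <= unix_id <= high:
        raise OverflowError("RID %d maps outside the %s range" % (rid, name))
    return name, unix_id

def audit_passwd(passwd_lines, sid_by_user):
    """Compare passwd-format lines against the rid-derived UIDs.
    Returns [(user, expected_uid, actual_uid_or_None)] for each mismatch."""
    actual = {}
    for line in passwd_lines:
        fields = line.strip().split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            actual[fields[0]] = int(fields[2])
    problems = []
    for user, sid in sorted(sid_by_user.items()):
        expected = rid_to_unix_id(sid)[1]
        if actual.get(user) != expected:
            problems.append((user, expected, actual.get(user)))
    return problems

# Constructed sample data: account SIDs and passwd lines from a new setup.
SAMPLE_SIDS = {
    "alice": "S-1-5-21-1111111111-2222222222-3333333333-1105",
    "bob": "S-1-5-21-4444444444-5555555555-6666666666-2210",
    "carol": "S-1-5-21-1111111111-2222222222-3333333333-1200",
}
SAMPLE_PASSWD = ["alice:x:101105:100513::/home/alice:/bin/bash",
                 "bob:x:5001:5001::/home/bob:/bin/bash"]
```

An empty list from `audit_passwd` means every listed account resolves to the same UID winbind assigned; any tuple it returns names an account whose file ownership would change after the migration.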
