Hello Ilya,

Were you able to find the solution for your inquiry? I did not see any
on-list replies in the archives.

Cheers,
Eugene

On Thursday, February 16, 2012, Musayev, Ilya wrote:

> In the past, one of my clients was using domain auth with winbind, mainly due
> to the fact that we had multiple domains to log in from and RHEL4u6 did not
> have cross-realm support.
>
> As of now the client has moved completely to RHEL5u4, and soon to be u7; he would
> like to migrate to native krb auth.
>
> Our backend infrastructure for AD is Windows 2008 servers. My question is
> in regards to user ID mapping. I would like to preserve/match the existing
> UID.
>
> There are two domains, “MYDOMAIN” and “NEWDOMAIN”, that are used by
> different users.
>
> With winbind, we used something like this on each host in order to get the
> UID for each user – this setup would guarantee an identical UID for each user
> on every server.
>
> How can the same be accomplished with native krb with cross-realm support?
>
> [global]
>         workgroup = MYDOMAIN
>         realm = MYDOMAIN.HOSTNAME.COM
>         server string = Samba Client
>         security = ADS
>         obey pam restrictions = Yes
>         passdb backend = tdbsam
>         client NTLMv2 auth = Yes
>         log file = /var/log/winbind
>         local master = No
>         dns proxy = No
>         panic action = /usr/share/samba/panic-action %d
>         idmap uid = 1000 - 299999
>         idmap gid = 1000 - 299999
>         template shell = /bin/bash
>         winbind separator = +
>         winbind enum users = Yes
>         winbind enum groups = Yes
>         winbind use default domain = Yes
>         winbind expand groups = 10
>         winbind refresh tickets = Yes
>         winbind offline logon = Yes
>         idmap config MYDOMAIN:range = 100000 - 199999
>         idmap config MYDOMAIN:backend = rid
>         idmap config NEWDOMAIN:range = 200000 - 299999
>         idmap config NEWDOMAIN:backend = rid


-- 
Sent from mobile device.
_______________________________________________
rhelv5-list mailing list
rhelv5-list@redhat.com
https://www.redhat.com/mailman/listinfo/rhelv5-list
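
The quoted smb.conf gets identical UIDs on every host because the rid backend derives each UID arithmetically from the user's RID and the per-domain range (ID = RID - BASE_RID + LOW_RANGE_ID, per idmap_rid(8)). The sketch below is an added example, not part of the thread: it computes the UIDs that the two quoted ranges produce, so existing values can be recorded and compared during a migration. The domain SIDs are constructed placeholders and the function names are hypothetical.

```python
# Added illustration; the domain SIDs below are constructed sample values.
import re

SMB_CONF = """
idmap config MYDOMAIN:range = 100000 - 199999
idmap config MYDOMAIN:backend = rid
idmap config NEWDOMAIN:range = 200000 - 299999
idmap config NEWDOMAIN:backend = rid
"""

# Assumption: real domain SIDs would be read from the AD domains themselves.
DOMAIN_SIDS = {
    "S-1-5-21-1111111111-2222222222-3333333333": "MYDOMAIN",
    "S-1-5-21-4444444444-5555555555-6666666666": "NEWDOMAIN",
}

def parse_rid_ranges(conf):
    """Return {domain: (low, high)} for every domain using the rid backend."""
    ranges, backends = {}, {}
    for m in re.finditer(r"idmap config (\w+)\s*:\s*(\w+)\s*=\s*(.+)", conf):
        dom, key, val = m.group(1), m.group(2), m.group(3).strip()
        if key == "range":
            low, high = (int(x) for x in val.split("-"))
            ranges[dom] = (low, high)
        elif key == "backend":
            backends[dom] = val
    return {d: r for d, r in ranges.items() if backends.get(d) == "rid"}

def overlapping(ranges):
    """Neighbouring domains (sorted by range start) whose ranges intersect.

    An intersection would let users from two domains receive the same UID.
    """
    items = sorted(ranges.items(), key=lambda kv: kv[1])
    return [(a, b) for (a, ra), (b, rb) in zip(items, items[1:]) if rb[0] <= ra[1]]

def sid_to_uid(sid, ranges, base_rid=0):
    """Apply ID = RID - BASE_RID + LOW_RANGE_ID; None when the SID is unmapped."""
    dom_sid, _, rid = sid.rpartition("-")
    dom = DOMAIN_SIDS.get(dom_sid)
    if dom not in ranges:
        return None  # unknown domain: no mapping rather than a guessed UID
    low, high = ranges[dom]
    uid = int(rid) - base_rid + low
    return uid if low <= uid <= high else None  # RID too large for the range
```

A RID that would land past the top of its domain's range gets no UID at all, so the range width caps how many accounts each domain can map.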
