Hi, i've read the thread about idmap customization, i'm planning an integration between windows AD and MIT kerberos, and i was very interested on the subject.
Now we are authenticating windows AD user against mit kerberos realm with a cross-domain trust, and with windows client everythings works. Ie. Authentication is done with kerberos mit and authorization is done with windows AD. Now i'm working to let linux computers authenticate users. What i need it to Authenticate user agains mit kerberos with pam_krb5 ([EMAIL PROTECTED]), and get authorization from windows AD (DOMAIN+user). The main problem is that i can force user to append @REALM for pam_krb5, but i need user to be in form "user" and not "DOMAIN+user" for a domain that is not the "workgroup" of the computer. Would it be much work to add a parameter to specify windbind default domain to be different from computer workgroup? even if a complete customization of user name and group name would be preferred a custom default domain could be enought for me. Is this possible? Regards, -- Miolinux -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
