I would like to see some more options for this as well. I don't really like the only option being the Windows user-name form of SHORTDOM\user. I wouldn't mind FULL.REALM\user. Only having Windows short name as an option really doesn't make integration into non-Windows realms very easy.
I've expressed this on the list before. On Wed, 2007-07-18 at 16:11 +0200, miolinux wrote: > Hi, > > i've read the thread about idmap customization, i'm planning an > integration between windows AD and MIT kerberos, and i was very > interested on the subject. > > Now we are authenticating windows AD user against mit kerberos realm > with a cross-domain trust, and with windows client everythings works. > > Ie. Authentication is done with kerberos mit and authorization is done > with windows AD. > > Now i'm working to let linux computers authenticate users. What i need > it to Authenticate user agains mit kerberos with pam_krb5 ([EMAIL PROTECTED]), > and get authorization from windows AD (DOMAIN+user). > > The main problem is that i can force user to append @REALM for > pam_krb5, but i need user to be in form "user" and not "DOMAIN+user" > for a domain that is not the "workgroup" of the computer. > > Would it be much work to add a parameter to specify windbind default > domain to be different from computer workgroup? > > even if a complete customization of user name and group name would be > preferred a custom default domain could be enought for me. > > Is this possible? > > Regards, > > -- > Miolinux -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
