Volker Lendecke wrote:
On Thu, Jul 17, 2008 at 09:37:49AM -0400, Linux Addict wrote:
Linux Addict wrote:
Hello Everyone, I have been tasked to work on consolidating
authentication to achieve single sign-on using Active Directory.
We have mix of Linux and Windows Hosts. All Linux hosts do local
authentication currently and Windows hosts authenticates Active
directory.
I have been thinking of using Samba to authenticate Linux Hosts
against Active Directory. I am fairly confident of configuring
straight Linux to AD authentication. But we have 2 Active Directory
forests. AD2 is trusted by AD1 and all the Linux hosts will be part of
AD1.
The idea is to have a AD1 resource and AD2 users. So we will need
Linux Hosts to authenticate users of both AD1 and AD2. I am not sure
about how to map uid/gid and also weather kerboros will be able to
authenticate both Domains.
If you guys can throw some ideas on how to achieve this, that will be
great.
Cheers, LA
Pump.. sorry.. I haven't heard from anyone.
If both trust each other, shouldn't it just plain work?
Volker
Thanks for your response.
No.. Its one way trust. Using kerboros authntication, doesn't seem to
be working for the users of Trusted Domain users as Default domain
option on krb5.conf appends the domain name. But winbind works, I am ok
with that. But I am having issues mapping uid/gid consistent across
network for . Also, the tdb files seems to be corrupted frequently.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
