On 12/13/2017 03:20 PM, Richard Pieri wrote:
> On a completely different topic from document conversion...
> My employer has two Active Directory domains. I need to set up some
> Linux servers (RHEL, SUSE and Ubuntu) to use both domains for user
> authentication. Users get accounts on one or the other, never both. This
> is a mandate from Legal so the easy answer is off the table.

Is there some reason that you can't have a trust between the 2 domains?
This is normally how one would implement what you're describing. Even a
one-way trust should work, assuming you don't need group membership
information.

> SSSD and Winbind work for binding to one domain or the other but I can't
> bind to both at the same time (Red Hat promised this in RHEL 7 but have
> yet to deliver). So I figure I can use AD for one domain and LDAP bind
> authentication for the other, or LDAP binds to each domain, but I can't
> get either working.

If there were a trust you could authenticate to the domain with users
from the trusted domain. A trust is basically that, the domain that
you're joined to will trust credentials from the trusted domain.

> Yes, I'm doing something wrong. No, I don't know what. And, my Google-Fu
> is only finding single AD or LDAP auth server configurations. Has anyone
> here done anything like this before? Have any references you can point
> me at?

To be fair, you haven't said exactly what you're trying to do. Is this
for a web application, a system service (SMB, FTP, etc.), or simply
SSH/SFTP/Desktop access? There are other options in certain cases that
don't require you to join the individual machines to the domain (SAML,
third-party tools), so specifics would be helpful. Also you don't
mention if you have a budget for this, as it's possible you can do this
with commercial integrations that would have support beyond just a bunch
of folks on blu (although I'm sure we offer better support than some :-).
Grant M.
--
Grant Mongardi
*Senior Systems Engineer*
*NAPC inc*
p: 781-894-3114
a: 307 Waverley Oaks Rd. Waltham, Ma 02452
w: www.napc.com e: [email protected]