In the past, one of my clients was using domain auth with winbind, mainly due to the fact that we had multiple domains to log in from and RHEL4u6 did not have cross-realm support.

As of now the client has moved completely to RHEL5u4, soon to be u7, and he would like to migrate to native krb auth. Our backend infrastructure for AD is Windows 2008 servers. My question is in regards to user ID mapping. I would like to preserve/match the existing UIDs. There are two domains, "MYDOMAIN" and "NEWDOMAIN", that are used by different users. With winbind, we used something like this on each host in order to get the UID for each user - this setup would guarantee an identical UID for each user on every server. How can the same be accomplished with native krb with cross-realm support?

[global]
    workgroup = MYDOMAIN
    realm = MYDOMAIN.HOSTNAME.COM
    server string = Samba Client
    security = ADS
    obey pam restrictions = Yes
    passdb backend = tdbsam
    client NTLMv2 auth = Yes
    log file = /var/log/winbind
    local master = No
    dns proxy = No
    panic action = /usr/share/samba/panic-action %d
    idmap uid = 1000 - 299999
    idmap gid = 1000 - 299999
    template shell = /bin/bash
    winbind separator = +
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    winbind expand groups = 10
    winbind refresh tickets = Yes
    winbind offline logon = Yes
    idmap config MYDOMAIN:range = 100000 - 199999
    idmap config MYDOMAIN:backend = rid
    idmap config NEWDOMAIN:range = 200000 - 299999
    idmap config NEWDOMAIN:backend = rid
_______________________________________________
rhelv5-list mailing list
rhelv5-list@redhat.com
https://www.redhat.com/mailman/listinfo/rhelv5-list
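
Added example, not part of the original post: the `rid` backend in the configuration above derives each UID arithmetically from the user's RID (ID = RID - BASE_RID + low end of the range, per idmap_rid(8)), so the UIDs winbind has been handing out can be recomputed offline and compared against whatever the new setup returns. The SIDs used with it are constructed, `base_rid = 0` is an assumption (the posted config does not set it), and the function names are hypothetical.

```python
import re

# idmap lines copied from the smb.conf in the post above.
SMB_CONF = """\
idmap config MYDOMAIN:range = 100000 - 199999
idmap config MYDOMAIN:backend = rid
idmap config NEWDOMAIN:range = 200000 - 299999
idmap config NEWDOMAIN:backend = rid
"""

_IDMAP_LINE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*(\S+)\s*=\s*(.+?)\s*$")


def parse_idmap(conf):
    """Return {DOMAIN: {'range': (low, high), 'backend': name}}."""
    domains = {}
    for line in conf.splitlines():
        m = _IDMAP_LINE.match(line)
        if not m:
            continue
        domain, key, value = m.groups()
        entry = domains.setdefault(domain.upper(), {})
        if key == "range":
            low, high = (int(part) for part in value.split("-"))
            entry["range"] = (low, high)
        else:
            entry[key] = value
    return domains


def rid_to_uid(sid, domain, domains, base_rid=0):
    """UID the rid backend assigns to this SID, or None if it falls
    outside the domain's range (such accounts get no mapping)."""
    cfg = domains[domain.upper()]
    if cfg.get("backend") != "rid":
        raise ValueError("%s does not use the rid backend" % domain)
    rid = int(sid.rsplit("-", 1)[1])  # last sub-authority of the SID
    low, high = cfg["range"]
    uid = rid - base_rid + low
    if rid < base_rid or not low <= uid <= high:
        return None
    return uid


if __name__ == "__main__":
    doms = parse_idmap(SMB_CONF)
    # Constructed SID: domain identifier is a placeholder, RID is 1105.
    print(rid_to_uid("S-1-5-21-1111111111-2222222222-3333333333-1105", "MYDOMAIN", doms))
```

Because the mapping depends only on the RID and the per-domain range, the same RID in MYDOMAIN and NEWDOMAIN yields different UIDs, and an account whose RID exceeds the range width gets no UID at all.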